Impact
An integer overflow in Skia within Google Chrome permits an attacker who has already compromised the renderer process to escape its sandbox, potentially enabling actions beyond the renderer's restricted privileges. Per the CVE description, a remote attacker in that position could exploit the overflow through a crafted HTML page. This high-severity flaw is the result of a numeric overflow (CWE-472) that undermines the browser's isolation model.
Affected Systems
Google Chrome on desktop platforms is affected in all versions prior to 150.0.7871.47. The affected component is the Skia rendering library integrated into the renderer process.
Risk and Exploitability
The CVSS score is 8.3, indicating high severity. The EPSS score is < 1%, reflecting a very low probability of exploitation. The vulnerability is not listed in CISA's KEV catalog. An attack requires delivering a crafted HTML page to a renderer process that has already been compromised or is under the attacker's influence. Exploiting the integer overflow would allow the attacker to escape the renderer sandbox and potentially act beyond the sandboxed privileges, but it does not guarantee arbitrary code execution on the host.