Impact
Google Chrome contained a use-after-free flaw in its Document Object Model handling of web pages. The flaw allows a remote attacker to run arbitrary code within Chrome's sandbox, providing the attacker with the privileges of the browser process while still within the restrictions of the sandbox. Because the code executes in the context of the browser, the attacker could potentially perform malicious actions such as data exfiltration, credential theft, or further compromise of the host system.
Affected Systems
Chrome versions prior to 150.0.7871.47 are affected. All users of the Chrome stable channel who have not yet upgraded to version 150.0.7871.47 or later are at risk.
Risk and Exploitability
The vulnerability is rated high severity. The EPSS score is unavailable and the vulnerability is not listed in CISA's KEV catalog, suggesting that known exploit tools are not yet publicly available. Nevertheless, exploitation requires a user to be tricked into loading a malicious HTML page, making it opportunistic but potentially impactful. If exploited, the attacker can leverage the sandboxed execution to further compromise user data or pivot to higher privileges.