Impact
A use‑after‑free flaw in Chrome’s Forms component allows a remote attacker to execute arbitrary code within the browser’s sandbox. The vulnerability is triggered by a crafted HTML page and can be leveraged to run malicious code inside the browser process. The primary impact is elevated code execution that could compromise other sandboxed applications or facilitate further lateral movement.
Affected Systems
Google Chrome versions earlier than 150.0.7871.47 are affected. The issue was discovered in the Forms handling code and has been fixed in Chrome 150.0.7871.47 and later releases.
Risk and Exploitability
The vulnerability is rated high by Chromium’s security severity assessment. The attack vector is remote, requiring an end user to load a malicious page. No EPSS score is available and the CVE is not listed in CISA’s KEV catalog, however the absence of a published exploit does not diminish the potential risk of exploitation. Given the nature of the flaw, if an attacker succeeds they could break out of the browser sandbox or perform additional operations that compromise system security.
OpenCVE Enrichment