Impact
The vulnerability involves insufficient validation of untrusted input in Chrome Chromoting on Windows prior to version 150.0.7871.47, which may allow a local attacker to escape the browser sandbox by supplying a malicious file. The weakness is reflected in CWE‑20, indicating a failure to properly filter or validate inputs. If exploited, an attacker could gain elevated privileges within the system by breaking out of the restricted browser environment.
Affected Systems
Google Chrome for Windows on all versions before 150.0.7871.47. The issue specifically targets the Chromoting component, which is used for remote desktop and screen sharing features.
Risk and Exploitability
The vulnerability is classified by Chromium as High severity. No EPSS score is publicly available, and it is not listed in CISA KEV. Because it requires local access to a malicious file and the attacker must run the compromised version of Chrome, the threat is limited to local or compromised environments. The attack vector is thus a local attacker with the ability to supply an attacker‑controlled file to the running Chrome instance. In the absence of an exploit, the risk remains theoretical but significant for users who enable Chromoting on untrusted machines.
OpenCVE Enrichment