Impact
The vulnerability is a use-after-free in the Bluetooth processing logic of Google Chrome on macOS. An attacker who has already gained control of a renderer process can use a crafted HTML page to make Chrome access the freed memory, which allows an escape from the renderer sandbox and potentially code execution with higher privileges. The weakness is classified as CWE-416, and Chromium rates it Medium severity.
Affected Systems
Google Chrome for macOS is affected. Any installation of Chrome on macOS with a version earlier than 150.0.7871.47 is vulnerable. The flaw is specifically in the Bluetooth module that Chrome uses when it is enabled.
Risk and Exploitability
The risk level is moderate given the Medium severity rating, but the lack of an EPSS score leaves the exact probability of exploitation uncertain. The flaw can be leveraged only after the attacker has already compromised the renderer process, which typically requires a prior vulnerability or social engineering to deliver a malicious page. Although the vulnerability is not listed in the CISA KEV catalog, the potential for sandbox escape raises the risk in contexts where Chrome is used to render untrusted content.