Impact
The vulnerability is a use‑after‑free flaw in Chrome’s Bluetooth stack that can be triggered by a malicious peripheral. An attacker on the same local network segment can cause Chrome to read memory that is no longer valid and acquire potentially sensitive data from the process address space. The flaw does not allow arbitrary code execution, but it permits information disclosure that could aid further attacks.
Affected Systems
Google Chrome users running a version prior to 150.0.7871.47 are affected. Updated releases 150.0.7871.47 and later contain the fix, providing the necessary patch to eliminate the vulnerable memory handling path.
Risk and Exploitability
The flaw is rated Medium in Chromium’s security severity. Exploitation requires physical or network proximity to connect a malicious Bluetooth peripheral to the victim’s device; this is inferred from the description, as the vulnerability is accessed through a Bluetooth peripheral on the local network segment. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The local nature of the attack vector and the ability to read memory contents mean that the risk to affected users is non‑negligible and the issue should be remediated promptly.
OpenCVE Enrichment