Impact
Google Chrome for macOS contains a use‑after‑free flaw in USB handling that can be triggered by a crafted HTML page. When the renderer process has already been compromised, the flaw allows the attacker to potentially escape the sandbox, gaining the ability to execute arbitrary code or read sensitive files on the host. This enables the attacker to breach the application’s security boundaries and threaten the confidentiality and integrity of the user’s system.
Affected Systems
The vulnerability affects Chrome on macOS in versions earlier than 150.0.7871.47. macOS users whose browser is still on one of these earlier releases are exposed.
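A host-side check for the affected range above, as an added example that is not part of the advisory. It compares the installed Chrome bundle version against 150.0.7871.47; the function names are hypothetical, and the bundle paths are the default install locations, which is an assumption.

```shell
#!/bin/sh
# Added example: flag Chrome bundles on macOS older than the fixed build.
FIXED_VERSION="150.0.7871.47"   # first non-affected version, from the advisory

# version_lt A B: exit 0 if dotted version A < B, 1 if A >= B,
# 2 if either argument is not a well-formed dotted numeric version.
version_lt() {
  for _v in "$1" "$2"; do
    case "$_v" in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
  done
  # Compare component by component as numbers (so .100 sorts above .47).
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 4; i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# chrome_status VERSION: print VULNERABLE, PATCHED or UNKNOWN.
chrome_status() {
  rc=0
  version_lt "$1" "$FIXED_VERSION" || rc=$?
  case $rc in
    0) echo VULNERABLE ;;
    1) echo PATCHED ;;
    *) echo UNKNOWN ;;   # unreadable or malformed version: investigate by hand
  esac
}

# scan_chrome_bundles: report system-wide and per-user installs (macOS only).
# Paths are the default install locations (assumption).
scan_chrome_bundles() {
  for root in /Applications "$HOME/Applications"; do
    plist="$root/Google Chrome.app/Contents/Info.plist"
    [ -f "$plist" ] || continue
    ver=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' \
          "$plist" 2>/dev/null) || ver=""
    printf '%s\t%s\t%s\n' "$(chrome_status "$ver")" "${ver:-?}" "$root"
  done
  return 0
}

scan_chrome_bundles
```

Chrome applies an update only when it is relaunched, so a PATCHED bundle on disk does not guarantee that an already running browser process is on the fixed build.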
Risk and Exploitability
Chromium rates the issue as medium severity, and it is not listed in the CISA KEV catalog. Exploitation requires a remote attacker who has already compromised the renderer process, which is non‑trivial but feasible through malicious web content. No EPSS score is available, so the likelihood of exploitation is unknown, but the potential for sandbox escape makes the risk significant enough to warrant immediate attention.