Impact
The vulnerability is a race condition in Chrome's USB handling. A remote attacker who has already gained execution in the renderer process can use a crafted HTML page to trigger the race and escape the sandbox. A successful escape may allow code to run with higher privileges than the browser sandbox provides, potentially compromising the host.
Affected Systems
Google Chrome versions earlier than 150.0.7871.47 are affected.
Risk and Exploitability
The CVSS score of 9.6 indicates high severity. The EPSS score is reported as < 1%, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to first obtain a foothold in the renderer process, typically through another vulnerability or a malicious site. Once the renderer is under the attacker's control, supplying a maliciously crafted HTML document can trigger the race condition, which may break the sandbox and allow elevated code execution.