Impact
An integer overflow flaw in the Chromecast component of Google Chrome allows a local attacker to craft malicious network traffic that causes a signed integer overflow during data processing. The overflow corrupts a pointer calculation, enabling arbitrary code execution within the scope of the Chrome process, which can result in privilege escalation or system compromise. This vulnerability aligns with CWE-122: Heap or Stack-based Buffer Overflow.
Affected Systems
All versions of Google Chrome released before 150.0.7871.47 on any supported platform are vulnerable. The flaw exists in the Chromecast module embedded within the browser, affecting users who have Chrome enabled on their local machines.
Risk and Exploitability
The EPSS score is not available, and the CVSS value is not reported; the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack likely requires a local attacker who can direct malicious network traffic to the vulnerable Chrome instance, triggering the integer overflow during the rendering process. While the potential impact of local code execution is significant, the lack of exploitation data and absence of a KEV listing mean the current exploitation likelihood is uncertain. Users should not assume the flaw has been weaponized, but any local code execution vulnerability warrants caution until a patch is applied.
OpenCVE Enrichment