Impact
An out‑of‑bounds read in the Chromecast module of Google Chrome allows a remote attacker who has previously compromised the renderer process to read potentially sensitive data from process memory. The vulnerability arises when the renderer processes a crafted HTML page. If triggered, the attacker can obtain information that may include user data, credentials, or other confidential material, potentially leading to further exploitation or data leakage.
Affected Systems
The flaw affects all editions of Google Chrome with a version number less than 150.0.7871.47. This includes the stable, beta, and dev channels installed on Windows, macOS, Linux, and Chrome OS. Campaigns or scripts that target versions prior to 150.0.7871.47 may be able to exploit the memory read.
Risk and Exploitability
Because no EPSS score is available and the vulnerability is not listed in CISA KEV, the current exploitation probability appears low, but the CVSS score of 5.3 reflects a Medium severity that indicates potential for confidentiality and integrity compromise. An attacker would need to gain some degree of compromise in the renderer process, for example via a local malware tunnel or previously compromised browser. Once the renderer is compromised, the crafted HTML explaining the vulnerability can be served to trigger the read.
OpenCVE Enrichment