Impact
The vulnerability is a use-after-free in the Cast Receiver component of Google Chrome. A crafted HTML page can trigger the free and subsequent reuse of memory, allowing an attacker to execute arbitrary code inside a sandboxed process. Although the sandbox contains the code, the privilege escalation still enables a remote attacker to run malware or conduct further attacks. This is a medium-impact flaw, as indicated by the medium severity rating within Chromium.
Affected Systems
The flaw affects Google Chrome versions prior to 150.0.7871.47. Specifically, any installation that includes the Cast Receiver functionality is vulnerable unless the browser has been upgraded to a newer patch release.
Risk and Exploitability
There is no EPSS score available and the CVE is not listed in the CISA KEV catalog, indicating no known widespread exploitation yet. The likely attack vector is a remote attacker delivering a malicious web page that activates the Cast Receiver. Given the medium severity rating within Chromium and the absence of public exploitation data, the risk is moderate but should be addressed promptly because the flaw can be leveraged to execute arbitrary code.