Impact
This vulnerability is an input validation flaw (CWE‑20) in the Media processing component of Google Chrome on Windows. Untrusted media data embedded in a crafted HTML page can bypass internal checks when the renderer process has already been compromised, allowing the attacker to escape the renderer’s sandbox. If achieved, the attacker could gain code execution with the privileges of the current user, compromising confidentiality, integrity, and availability of the system.
Affected Systems
All installations of Google Chrome on Windows that use a version older than 150.0.7871.47 are susceptible. The flaw resides in the Media subsystem, so any renderer processes that handle media content are impacted.
Risk and Exploitability
The vulnerability is classified as medium severity by Chromium; its CVSS score is not provided in the public data. The exploit requires the attacker to have already gained control of the renderer process, which limits the attack vector to local or compromised renderers. EPSS is not available, and the flaw is not listed in the CISA KEV catalog, indicating no known exploitation at this time. Nonetheless, the potential for sandbox escape makes it a high‑risk concern for systems that encounter untrusted web content.
OpenCVE Enrichment