Impact
The vulnerability resides in the way Chrome on Windows handles certain intentional user interactions with download-related UI elements after the user visits a crafted HTML page. A remote attacker can persuade a user to perform specific gestures that trigger code execution without the user’s conscious approval. The result is arbitrary code running with the privileges of the Chrome process, potentially allowing a full compromise of the host system.
Affected Systems
Google Chrome versions on Windows released prior to 150.0.7871.47 are affected. The issue is reported for the stable channel and is fixed in the 150.0.7871.47 update.
Risk and Exploitability
No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog; Chromium’s own assessment rates it Medium severity. The attack requires user interaction with a malicious page and relies on exploiting the download handling subsystem to execute code. No validated exploit has been publicly disclosed, but the nature of the flaw (arbitrary code execution) implies high impact if exploited.
OpenCVE Enrichment