Impact
Insufficient validation of untrusted input in Google Chrome Enterprise before version 150.0.7871.47 allows a remote attacker to achieve privilege escalation via a crafted HTML page. The weakness is classified as CWE-20, indicating improper input validation that can lead to escalated privileges. The impact extends beyond a single process, potentially enabling an attacker to gain elevated rights on the affected system.
Affected Systems
The affected product is Google Chrome Enterprise. Any installation of Chrome Enterprise prior to the stable channel release 150.0.7871.47 is vulnerable. No specific sub-version range beyond that cut-off is indicated.
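To check a fleet against that cut-off, the following added example (not part of the advisory) classifies installed builds by comparing the four version fields numerically, since plain string comparison would rank 99.x above 150.x. The `host,version` inventory format, the host names and the sample versions are constructed assumptions.

```python
import re

# First fixed build named in the advisory; anything lower is affected.
FIXED = (150, 0, 7871, 47)
_VERSION_RE = re.compile(r"^[0-9]+(\.[0-9]+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if malformed."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable builds need manual follow-up
    return "vulnerable" if version < FIXED else "patched"


def triage(inventory_lines):
    """Map host -> status from 'host,version' lines (assumed export format)."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results


# Constructed sample inventory, not real hosts.
SAMPLE = [
    "ws-001,150.0.7871.47",
    "ws-002,150.0.7871.46",
    "ws-003,99.0.4844.84",
    "ws-004,151.0.7900.10",
    "ws-005,unknown-build",
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```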
Risk and Exploitability
The advisory indicates a medium severity level. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known large-scale exploitation yet. The likely attack vector involves a remote attacker delivering a malicious HTML page that the vulnerable browser processes without adequate validation. Exploitation requires the victim to open or process the page, but because no mitigation is indicated, any such exposure could lead to full privilege elevation on the target machine.