Impact
Chrome’s Dawn rendering engine on Android insufficiently validates untrusted input in versions prior to 150.0.7871.47. A remote attacker who already controls the renderer process could craft an HTML page that triggers a sandbox escape. If successful, the attacker could execute code with higher privileges than the renderer normally has. This impact is inferred: the description states a potential escape rather than guaranteed code execution, so the precise consequences depend on whether the exploit succeeds, but they could be severe.
Affected Systems
Google Chrome for Android versions earlier than 150.0.7871.47 are affected.
Risk and Exploitability
The vulnerability is classified by Chromium as Medium severity. No EPSS score is available and it is not listed in the CISA KEV catalog. Exploitation requires that the attacker has already compromised the renderer process and serves a malicious HTML page to the victim. The attack vector is remote, but it is limited to users who access compromised content while using an outdated Chrome installation. Because the outcome is a potential sandbox escape, the risk is significant but depends on whether the exploit succeeds.
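A device check for the version boundary stated under Affected Systems, as an added example that is not part of the original advisory: it reads the text printed by `adb shell dumpsys package com.android.chrome` and compares the active `versionName` with 150.0.7871.47. The sample outputs are constructed, and the package name `com.android.chrome` and the function names are assumptions of this example.

```python
import re

FIXED = (150, 0, 7871, 47)  # first fixed version, taken from the advisory

# Constructed sample: Chrome updated from the store, factory copy still listed.
SAMPLE_UPDATED = """\
Packages:
  Package [com.android.chrome] (1a2b3c):
    versionName=150.0.7871.47

Hidden system packages:
  Package [com.android.chrome] (4d5e6f):
    versionName=140.0.1000.10
"""

# Constructed sample: one build below the fixed version.
SAMPLE_OUTDATED = """\
Packages:
  Package [com.android.chrome] (1a2b3c):
    versionName=150.0.7871.46
"""

def parse_version(text):
    """Turn '150.0.7871.47' into a tuple of ints; None if it is not four numbers."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def active_version(dumpsys_output):
    """Return the versionName of the copy that actually runs.

    An updated preinstalled app appears twice: the active copy under
    'Packages:' and the factory copy under 'Hidden system packages:'.
    """
    section = None
    for line in dumpsys_output.splitlines():
        stripped = line.strip()
        if not line.startswith(" ") and stripped.endswith(":"):
            section = stripped  # unindented header starts a new section
        elif section == "Packages:" and stripped.startswith("versionName="):
            return stripped.split("=", 1)[1]
    return None

def is_affected(dumpsys_output):
    """True if below the fixed version, False if fixed, None if unreadable."""
    name = active_version(dumpsys_output)
    version = parse_version(name) if name else None
    # Tuple comparison is numeric, so 99.x sorts below 150.x (strings would not).
    return None if version is None else version < FIXED
```

A `None` result means the version could not be read, so treat that device as unverified and do not count it as patched.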