Impact
This flaw is an integer overflow in the font parsing routine of Google Chrome that can be exploited by a crafted HTML page to perform an out‑of‑bounds memory write. The overflow permits an attacker to overwrite arbitrary memory locations, potentially leading to remote code execution, data corruption, or denial of service. The issue is identified as a medium severity vulnerability in Chromium’s own assessment and corresponds to CWE-472, which involves integer overflows or wraparounds.
Affected Systems
Any user running Google Chrome prior to update 150.0.7871.47 on any supported operating system is potentially vulnerable. The affected releases span the stable channel of Chrome before the June 2026 patch, including older desktop and potentially mobile builds that have not yet been updated.
Risk and Exploitability
The vulnerability can be triggered by a malicious webpage that the user must load in a vulnerable Chrome instance. The required preconditions are minimal, meaning that any user who visits the crafted page could be impacted. No documented exploitation campaigns are currently known, and the flaw is not listed in the CISA Known Exploited Vulnerabilities catalog. The EPSS score is not disclosed. While the exact impact severity is not quantified in the CVE data, the potential for remote code execution or service disruption warrants timely patching.
OpenCVE Enrichment