Impact
The vulnerability stems from inadequate policy enforcement in Chrome’s USB handling. An attacker who has already compromised the renderer process can craft a malicious HTML page that triggers a sandbox escape, potentially leading to execution of arbitrary code with elevated privileges.
Affected Systems
Google Chrome versions prior to 150.0.7871.47 are affected. Users running earlier releases may inadvertently expose their systems to this risk if they access potentially malicious web content that exploits the renderer.
Risk and Exploitability
The vendor has labeled the flaw as medium severity in Chromium’s internal assessment. Without a publicly known exploit or EPSS score, the probability of immediate large‑scale exploitation is low, and the vulnerability is not catalogued in the CISA KEV list. Nevertheless, the attack vector requires remote delivery via a crafted web page and a pre‑existing renderer compromise, making the risk moderate for typical users who browse normal web content. Updating Chrome mitigates the flaw and removes the path to sandbox escape.
OpenCVE Enrichment