Impact
Insufficient data validation in the Storage component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The vulnerability is a classic buffer overflow (CWE-122) that can lead to execution of arbitrary code with elevated privileges and potentially full system compromise.
Affected Systems
All instances of Google Chrome running versions older than 150.0.7871.47 are affected, regardless of the operating system, as the flaw resides in the cross‑process storage handling that is common to all builds.
Risk and Exploitability
The CVSS score is not published, and the EPSS score is unavailable, but the Chromium team has classified the issue as medium severity. Because the flaw requires a renderer compromise, an attacker would first need to supply malicious web content that bypasses content-security controls. No known public exploits exist, and the vulnerability is not listed in the CISA KEV catalog. The risk is moderate, and the effective mitigation is to update Chrome to the fixed version, 150.0.7871.47 or later.
OpenCVE Enrichment