Impact
The flaw exists in Chrome’s navigation handling routine and permits a remote attacker who has already gained control of a renderer process to escape the browser sandbox by delivering a specially crafted HTML page. Once the sandbox escape is achieved, the attacker may execute arbitrary code with privileges higher than the sandbox and potentially compromise the host operating system. The vulnerability is classified as medium severity by Chromium, indicating significant impact when combined with a renderer‑process compromise.
Affected Systems
Google Chrome installations running any version prior to 150.0.7871.47 are affected; any user who has not upgraded to this patch or a newer release remains vulnerable.
Risk and Exploitability
Chromium has assigned a medium severity rating; no EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, meaning there is no known active exploitation in the wild yet. The attack requires prior compromise of a renderer process, so the initial vector is confined to a malicious document or extension, but the impact extends to the underlying system. Despite the lack of public exploitation and the internal nature of the initial compromise, the potential for full system takeover remains if the renderer is compromised.