Impact
A use‑after‑free flaw exists in Chrome’s updater component on Windows. When a malicious file is opened by a local user, the program can access memory that has already been freed, allowing that user to execute arbitrary code with system privileges. The resulting compromise is OS‑level privilege escalation, which can lead to full control of the affected machine.
Affected Systems
Google Chrome on Windows, versions older than 150.0.7871.47. Only the Windows platform is affected.
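A fleet check against the version boundary above, as an added example that is not part of the original advisory. The inventory rows and host names are constructed; versions are compared numerically per component, since a plain string comparison would rank 99.x above 150.x.

```python
# Added example: triage an asset inventory against the fixed version
# stated in the advisory (150.0.7871.47, Windows only).

FIXED = (150, 0, 7871, 47)  # first non-affected Chrome version per the advisory


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory):
    """Map each host to 'vulnerable', 'patched', 'not_affected' (non-Windows)
    or 'unknown' (version could not be parsed and needs manual review)."""
    result = {}
    for host, os_name, version in inventory:
        if not os_name.lower().startswith("windows"):
            result[host] = "not_affected"
            continue
        parsed = parse_version(version)
        if parsed is None:
            result[host] = "unknown"
        elif parsed < FIXED:  # tuple comparison is numeric, component by component
            result[host] = "vulnerable"
        else:
            result[host] = "patched"
    return result


# Constructed sample inventory: (host, operating system, Chrome version)
SAMPLE = [
    ("ws-001", "Windows 11", "150.0.7871.46"),
    ("ws-002", "Windows 10", "150.0.7871.47"),
    ("ws-003", "Windows 11", "99.0.4844.84"),  # string compare would call this newer
    ("mac-001", "macOS 15", "149.0.7000.10"),
    ("ws-004", "Windows 11", "not reported"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```
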
Risk and Exploitability
The flaw is a classic use‑after‑free (CWE‑416) and requires a crafted file to be opened locally. No EPSS score is available and the vulnerability is not listed in CISA KEV, indicating no publicly known exploit at this time. Chromium rates the severity as Medium, suggesting that while the technical impact is high, the attack surface is limited to local users. Nevertheless, the potential to gain full control of a system warrants prompt remediation.