Impact
A use‑after‑free vulnerability exists in the Views component of Google Chrome for macOS prior to version 150.0.7871.47 (CWE‑416). The flaw allows an attacker to craft a malicious HTML page that, when a user performs specific UI gestures, triggers heap corruption. The CVE indicates low severity and does not explicitly disclose remote code execution. By corrupting the heap, an attacker could potentially compromise the browser or the system, though the exact impact is not detailed.
Affected Systems
Google Chrome on macOS, versions earlier than 150.0.7871.47.
Risk and Exploitability
The vulnerability is characterized as a low‑severity issue by Chromium, and there is no EPSS score available. It is not listed in the CISA KEV catalog. Exploitation requires a remote attacker to entice a user to load a crafted page and engage in particular UI gestures, so practical attack likelihood is limited, but the potential impact remains serious if exploited.
OpenCVE Enrichment