Impact
A use‑after‑free flaw exists in Chrome’s SignIn component that can be triggered when a user interacts with a maliciously crafted HTML page. The bug allows an attacker that persuades the user to perform specific UI gestures to corrupt the heap, potentially leading to arbitrary code execution or denial of service. The vulnerability is classified as a memory management error (CWE‑416).
Affected Systems
The affected vendor is Google for its Chrome web browser. All operating systems that run Chrome are impacted, but only installations running Chrome versions earlier than 150.0.7871.47 are vulnerable.
Risk and Exploitability
Chromium rates the issue as low severity, and the EPSS score is not available, indicating no publicly known exploitation attempts at the moment. The flaw is not listed in CISA’s KEV catalog. Exploitation requires a social‑engineering step in which the attacker lures the user to a malicious site that initiates the required UI gestures. Therefore, the risk is limited to situations where a user actively visits a compromised webpage while running an outdated Chrome version.
OpenCVE Enrichment