Impact
The vulnerability arises from insufficient validation of untrusted input on the New Tab Page in Google Chrome. An attacker who can compromise the renderer process could construct a specially crafted HTML page that may bypass the browser sandbox, allowing execution of code with higher privileges than the restricted renderer environment provides. This type of flaw falls under CWE-20 (Improper Input Validation) and could lead to arbitrary code execution beyond the browser context.
Affected Systems
Google Chrome versions prior to 150.0.7871.47 are affected. The vulnerability is specific to the desktop stable channel and other channels using the same codebase.
Risk and Exploitability
Chromium rates this issue as low severity, and no EPSS score is available. The vulnerability requires that the attacker first gain control of the renderer process, a scenario that is not trivial and for which no public exploits are currently known. The absence from the CISA KEV catalog and the lack of a public exploit reduce the immediate risk, but its potential to undermine Chrome’s sandbox still warrants attention.