Impact
The vulnerability is a use-after-free flaw in the GetUserMedia API of Google Chrome. An attacker who has already compromised the renderer process can use a crafted HTML page to potentially escape the renderer sandbox and gain higher privileges. The weakness is classified as CWE-416 (Use After Free) and directly impacts the integrity and confidentiality of the compromised system. The official severity rating is low, but a sandbox escape can have critical consequences in privileged contexts.
Affected Systems
Google Chrome versions prior to 150.0.7871.47 are affected. This includes any desktop installation of Chrome that has not yet received the 150.0.7871.47 update. No specific operating system or architecture is excluded, as the bug resides in the browser's core media handling logic.
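The following is an added example, not part of the original advisory: a small triage script that flags hosts still running a Chrome build below the fixed version 150.0.7871.47. The inventory format (host,version string), the host names and the sample versions are constructed for illustration. Version components are compared numerically, because a plain string comparison would misclassify builds such as 150.0.7871.5.

```python
import re

FIXED = "150.0.7871.47"  # first fixed version, taken from the advisory

def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version_text, fixed=FIXED):
    """True if the version is below the fixed build, None if unparseable."""
    version = parse_version(version_text)
    if version is None:
        return None
    # Tuple comparison is numeric per component: (150,0,7871,5) < (150,0,7871,47)
    return version < parse_version(fixed)

# Constructed sample inventory: "host,version string" per line (assumed format)
INVENTORY = """\
ws-001,Google Chrome 150.0.7871.47
ws-002,Google Chrome 150.0.7871.5
ws-003,Google Chrome 99.0.4844.51
ws-004,Google Chrome 150.0.7872.1
ws-005,unknown
"""

def triage(inventory):
    """Group hosts into affected / patched / unknown."""
    result = {"affected": [], "patched": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition(",")
        state = is_affected(version_text)
        if state is None:
            key = "unknown"  # do not assume an unreadable version is patched
        else:
            key = "affected" if state else "patched"
        result[key].append(host.strip())
    return result

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked manually rather than treated as patched.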
Risk and Exploitability
The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating a low likelihood of widespread exploitation at this time. Exploitation also requires the attacker to have already compromised the renderer process, which typically demands a separate vulnerability or privileged user interaction. If successfully triggered, the sandbox escape could enable the attacker to execute code at the platform level, compromising the host machine. The subtle nature of the flaw and the low public awareness may keep exploitation rates low, but the potential impact remains significant for vulnerable users.