Impact
The vulnerability is a use-after-free bug in the ANGLE component of Google Chrome versions earlier than 150.0.7871.47. An attacker who has already compromised the renderer process can use a specially crafted HTML page to trigger the flaw, potentially escaping the browser sandbox and achieving arbitrary code execution. This flaw is classified as CWE-416.
Affected Systems
Google Chrome affected versions are any releases before 150.0.7871.47. The issue is only exploitable in contexts where the attacker can inject crafted HTML into the renderer process; no other external attack surfaces are noted in the description.
Risk and Exploitability
The CVE carries a low Chromium severity rating and is not listed in the CISA KEV catalog, indicating no widespread exploitation to date. The EPSS score is not available, so the estimated probability of exploitation remains uncertain but likely low. The likely attack vector is a malicious HTML page rendered in a compromised renderer process, as inferred from the description. Once the exploit is triggered, sandbox escape could allow the attacker to perform actions with the renderer’s privileges, potentially compromising the host system.
OpenCVE Enrichment