Impact
The CVE describes a use‑after‑free flaw in the Chromecast component of Google Chrome. Attackers who can send crafted signals to a Chromecast peripheral on the same local network as a Chrome instance can trigger the bug and read memory of the Chrome process. This could expose sensitive data such as browsing history, credentials or the contents of private pages, which makes it an information‑disclosure vulnerability. The weakness is categorized as CWE‑416 (Use After Free).
Affected Systems
Chrome versions prior to 150.0.7871.47 on desktop platforms that include built‑in Chromecast support are affected. Users running Chrome 149.x or older on Windows, macOS, Linux, or other systems that embed Chromecast should upgrade to 150.0.7871.47 or later to address the issue.
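The following is an added example, not part of the OpenCVE page, showing how to decide whether a given Chrome build falls below the fixed version named above. The fixed version 150.0.7871.47 is taken from the advisory; the sample version strings in the tests are constructed, and the binary name `google-chrome` is an assumption for Linux installs (use the path to your own Chrome executable elsewhere). Versions are compared as integer tuples because a plain string comparison would rank "99.0.4844.51" above "150.0.7871.47".

```python
"""Check whether an installed Chrome build is older than the advisory's fixed version.

Added example, not part of the OpenCVE advisory. FIXED_VERSION comes from the advisory;
the binary name is an assumption for Linux installs.
"""
import re
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "150.0.7871.47"  # from the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract a dotted version from text such as 'Google Chrome 149.0.7800.12'
    and return it as a tuple of ints so comparison is numeric, not lexicographic."""
    m = re.search(r"(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad to four components so a short version like 150.0 compares as 150.0.0.0.
    return parts + (0,) * (4 - len(parts))


def is_affected(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the build described by version_text is older than the fixed version."""
    return parse_version(version_text) < parse_version(fixed)


def installed_chrome_version(binary: str = "google-chrome") -> Optional[str]:
    """Run `<binary> --version` (Chrome prints e.g. 'Google Chrome 150.0.7871.47').
    Returns None when the binary is missing or does not answer."""
    try:
        out = subprocess.run([binary, "--version"], capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    installed = installed_chrome_version()
    if installed is None:
        print("Chrome binary not found on PATH; call is_affected() with a version string instead")
    else:
        state = "AFFECTED" if is_affected(installed) else "patched"
        print(f"{installed}: {state} (fixed in {FIXED_VERSION})")
```

Run it on a host to print the installed build's status, or feed `is_affected()` version strings collected from inventory tooling to triage a fleet.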
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity. No EPSS score is published, and the flaw is not listed in CISA’s KEV catalog, suggesting limited known exploitation. The attack requires presence on the local network and physical or logical access to a Chromecast peripheral, so the probability of attack is lower than for remotely exploitable flaws. Nevertheless, successful exploitation can leak sensitive data, which warrants prompt remediation wherever the local network is shared with untrusted devices.
OpenCVE Enrichment