Impact
Insufficient validation of untrusted input in the Device Trust component of Google Chrome on Windows allows a remote attacker who has already compromised the renderer process to potentially escape the sandbox by serving a specially crafted HTML page. Chromium categorizes the issue as low severity, but it could lead to remote code execution once the sandbox boundary is breached.
Affected Systems
Google Chrome on Windows versions prior to 150.0.7871.47 are impacted. Any earlier stable channel release that has not incorporated the fix is vulnerable; release 150.0.7871.47 and later releases are considered fixed.
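The following is an added example, not part of the original advisory: a triage of reported Chrome versions against the fixed release 150.0.7871.47, comparing numerically per component so that two-digit major versions are not misread as newer. The hostnames, the inventory rows and the function names are constructed for illustration.

```python
import re

# Fixed release named in the advisory; builds below it are affected.
FIXED = (150, 0, 7871, 47)

# Chrome versions have four dot-separated numeric components.
_VERSION_RE = re.compile(r"^[0-9]+(\.[0-9]+){3}$")

# Constructed sample inventory (hostname, reported version); not real data.
SAMPLE_INVENTORY = [
    ("ws-001", "150.0.7871.47"),
    ("ws-002", "150.0.7871.46"),
    ("ws-003", "99.0.4844.84"),   # a string compare would rank this above 150.x
    ("ws-004", "151.0.7900.2"),
    ("ws-005", "unknown"),        # agent could not read the version
]


def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if malformed."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Return 'affected', 'fixed' or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        # Never treat an unreadable version as patched.
        return "unknown"
    # Tuples compare component by component, left to right.
    return "fixed" if version >= FIXED else "affected"


def triage(inventory):
    """Group hostnames by status so unpatched hosts can be prioritized."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown group need a manual check rather than being counted as patched.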
Risk and Exploitability
The EPSS score is not available, and the vulnerability is not listed in CISA KEV, indicating no known widespread exploitation. The attack requires an initial compromise of the renderer process, which may be achieved through phishing or other browser-based attacks. An attacker who succeeds could escape the sandbox and execute arbitrary code on the host. The overall risk is moderate: the CVSS rating is low, but remote code execution is possible if the renderer is compromised.