Impact
Insufficient validation of untrusted media input in Google Chrome allows a remote attacker who has compromised the renderer process to craft a malicious video file that may lead to a sandbox escape. This can elevate privileges or enable code execution outside the browser sandbox. The weakness is a classic input validation flaw (CWE‑20).
Affected Systems
Google Chrome versions prior to 150.0.7871.47 on all platforms are affected. Any user running an affected Chrome build that processes arbitrary media files is at risk.
Risk and Exploitability
The vulnerability is rated as low severity by Chromium, and no EPSS score is available. It is not listed in the CISA KEV catalog, suggesting that widespread exploitation has not been observed. The attack chain requires an attacker to first compromise the renderer process and then supply a crafted video; upon successful sandbox escape, an attacker could gain higher privileges and potentially execute arbitrary code on the host. However, given the low severity classification and lack of known widespread exploitation, the likelihood of an attack remains modest at present.
OpenCVE Enrichment