Impact
The vulnerability is insufficient validation of untrusted input in Chromoting, part of Google Chrome on Windows. An attacker who can supply a malicious file to the Chromoting component can elevate privileges on the local machine by exploiting a flaw categorized as CWE-20. The problem allows a local user to execute operations with higher system rights without needing additional credentials.
Affected Systems
Google Chrome for Windows, versions earlier than 150.0.7871.47. Any installation of the affected Chrome release that includes the Chromoting feature is vulnerable.
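As an added example (not part of the advisory), the following Python triages a software inventory against the fixed version 150.0.7871.47 stated above. The CSV layout, hostnames and version values are constructed for illustration; rows with a missing or malformed version are reported as unknown rather than assumed patched.

```python
import csv
import io
import re

# First fixed Chrome version, taken from the advisory text.
FIXED = (150, 0, 7871, 47)

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = """host,os,chrome_version
ws-001,Windows,150.0.7871.47
ws-002,Windows,150.0.7871.46
ws-003,Windows,149.0.7800.120
mac-004,macOS,149.0.7800.120
ws-005,Windows,
ws-006,Windows,150.0.7871
ws-007,windows,151.0.7900.10
ws-008,Windows,150.0.7871.100
"""

_VERSION_RE = re.compile(r"\d+(?:\.\d+){3}", re.ASCII)

def parse_version(text):
    """Return a 4-tuple of ints for a Chrome version, or None if malformed."""
    text = (text or "").strip()
    if not _VERSION_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))

def triage(inventory_csv):
    """Map each Windows host to 'vulnerable', 'patched' or 'unknown'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if (row.get("os") or "").strip().lower() != "windows":
            continue  # the advisory covers Chrome on Windows only
        version = parse_version(row.get("chrome_version"))
        if version is None:
            result[row["host"]] = "unknown"  # needs a manual check
        elif version < FIXED:
            # Numeric tuple comparison: a string comparison would
            # wrongly rank 150.0.7871.100 below 150.0.7871.47.
            result[row["host"]] = "vulnerable"
        else:
            result[row["host"]] = "patched"
    return result

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```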
Risk and Exploitability
The flaw carries a low security severity according to Chromium. It requires local access to drop a malicious file and a running instance of Chrome; no network exploitation is needed. Because the EPSS score is not available and the vulnerability is not listed in CISA KEV, the current evidence suggests a modest likelihood of exploitation in the wild, but an attacker with local control can readily achieve privilege escalation if the patch is not applied.
OpenCVE Enrichment