Impact
Google Chrome versions prior to 150.0.7871.47 contain insufficient policy enforcement in the Browser. A remote attacker who has already compromised the renderer process can load a specially crafted HTML page and potentially escape the renderer sandbox. This could allow the attacker to interact with resources outside the sandbox boundary, undermining confinement.
Affected Systems
The affected product is Google Chrome. Any installation using a Chrome version older than 150.0.7871.47 is potentially vulnerable. No narrower version range is given; the issue applies to all releases before that patch level.
Risk and Exploitability
No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation at present. Chromium rates the severity as low, reflecting that exploitation requires a pre-existing compromise of the renderer process and the delivery of malicious HTML. From the description, it is inferred that an attacker must first compromise a renderer process and then serve a malicious HTML payload to trigger the escape. The likely attack vector is a compromised renderer executing crafted content, which reduces the overall likelihood of exploitation.