Impact
The vulnerability is a use‑after‑free flaw in the scheduler component of Google Chrome, affecting versions earlier than 150.0.7871.47. When a crafted HTML page is rendered, freed memory can be accessed, allowing a remote attacker to execute arbitrary code within Chrome’s sandbox. This flaw is classified as CWE‑416 and permits code execution that can compromise user data or, if the sandbox is bypassed_system running on any platform with a build older than 150.0.7871.47. The defect resides in the browser’s scheduling logic for rendering HTML and is not tied to a specific operating system or plugin.
Affected Systems
Google Chrome versions prior to 150.0.7871.47 on all supported platforms (Windows, macOS, Linux).
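The version boundary above can be checked across an inventory as follows; this is an added example, not code from the advisory or from Chrome, and it compares build numbers numerically because a plain string comparison would rank 150.0.7871.5 above 150.0.7871.47. The `host<TAB>version string` inventory format, the host names and the sample lines are assumptions constructed for illustration.

```python
import re

FIXED = (150, 0, 7871, 47)  # first fixed build, taken from the advisory text

# Exactly four dot-separated numeric parts, not embedded in a longer dotted run.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """'vulnerable' if older than FIXED, 'patched' otherwise, 'unknown' if unparseable."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # never assume an unreadable host is patched
    return "vulnerable" if version < FIXED else "patched"


def triage(inventory_lines):
    """Map host -> status for lines in the assumed 'host<TAB>version string' format."""
    result = {}
    for line in inventory_lines:
        if not line.strip():
            continue
        host, _, version_text = line.partition("\t")
        result[host.strip()] = classify(version_text)
    return result


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = [
    "ws-001\tGoogle Chrome 150.0.7871.47",
    "ws-002\tGoogle Chrome 150.0.7871.5",
    "ws-003\tGoogle Chrome 149.0.7000.120",
    "ws-004\tGoogle Chrome 151.0.7900.3",
    "ws-005\tversion lookup failed",
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{status}")
```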
Risk and Exploitability
Chromium rates the vulnerability as low severity and the EPSS score is not available; it is not listed in CISA’s KEV catalog. Exploitation requires a remote attacker to host a malicious HTML page and lure a user into opening it in Chrome, exploiting the scheduler’s memory fault. The code runs inside Chrome’s sandbox, so additional steps would be needed for an.
OpenCVE Enrichment