Impact
Insufficient policy enforcement in Chrome's Mojo inter‑process communication framework lets a remote attacker who has already compromised the renderer process escape that sandbox by delivering a crafted HTML page, potentially granting higher privileges or enabling arbitrary code execution on the host.
Affected Systems
Google Chrome desktop versions before 150.0.7871.47 are impacted. The flaw resides in the Mojo component that mediates communication between renderers and other Chrome processes.
Risk and Exploitability
Because no CVSS or EPSS metrics are published and the vulnerability is not listed in CISA KEV, the overall risk is limited. Exploitation requires a prior renderer compromise, which normally occurs via a separate local or remote vulnerability or malicious content. Without that initial foothold, the flaw cannot be abused. The current Chromium severity label of low indicates that known proof of concept or widespread exploitation has not been observed.
OpenCVE Enrichment