Impact
The flaw is an inappropriate implementation of AI in the Google Chrome browser that allows an attacker who has already compromised the renderer process to craft a malicious HTML page and potentially escape the sandbox. This could enable the attacker to gain wider system access beyond the browser sandbox, compromising user data and system integrity.
Affected Systems
Chrome browsers with manufacturing versions before 150.0.7871.47 are affected. Users running any pre‑150.0.7871.47 release are at risk; newer releases contain the fix.
Risk and Exploitability
Chromium lists the severity as low, and no EPSS score is available. The attacker must first achieve a renderer‑process compromise – typically via a separate vulnerability or social engineering – before this flaw can be leveraged. Because the attack path requires that condition and the flaw is not active in current versions, the immediate risk is low until such a prior compromise occurs, but the potential impact of sandbox escape is serious. It is not listed in the CISA KEV catalog.
OpenCVE Enrichment