Impact
The vulnerability is an out‑of‑bounds read and write in the ANGLE component of Chrome. An attacker who has already compromised the renderer process could use a specially crafted HTML page to trigger the memory corruption and potentially escape the renderer's sandbox. This weakness matches CWE‑787, demonstrating a failure to validate bounds during memory access. If exploited, the attacker could gain privileges above those of the renderer, allowing further compromise of the host system.
Affected Systems
Google Chrome versions prior to 150.0.7871.47 are affected. The issue appears in the ANGLE renderer, which is used for GPU abstraction on all desktop platforms. All users running the stable channel before this build should consider the vulnerability relevant.
Risk and Exploitability
EPSS is not available and the vulnerability is not listed in CISA's KEV catalog. The CVSS score is not disclosed, but the Chromium severity is Low, indicating a modest impact and a high effort requirement. Exploitation requires the attacker to first compromise the renderer process; the crafted page must be delivered to a victim's browser. Thus, while sandbox escape is possible, the minimal exploitation prerequisites and low assigned severity suggest a moderate risk for most environments.
OpenCVE Enrichment