Impact
This vulnerability is a use‑after‑free flaw that occurs when a malicious Chrome extension is installed. The flaw can corrupt heap memory during extension execution, potentially allowing the attacker to execute arbitrary code within the browser process. The weakness is categorized as CWE‑416, a classic memory corruption issue.
Affected Systems
Google Chrome versions prior to 150.0.7871.115 on all supported operating systems are affected. Users running these releases are at risk if they install untrusted or malicious extensions.
Risk and Exploitability
The vulnerability is rated high in Chrome's security severity matrix. Based on the description, it is inferred that the attack vector is a malicious extension installed through social engineering. Although EPSS data is not available, the flaw could be exploited by convincing a user to install a malicious extension. The attack requires social engineering to get the user to install the extension, after which heap corruption could lead to code execution. The vulnerability is not listed in the CISA KEV catalog at this time, but the potential impact warrants prompt mitigation.
OpenCVE Enrichment