Impact
A use‑after‑free flaw in Chrome’s Views component allows a maliciously crafted HTML page to corrupt heap memory when a user performs specific UI gestures. The resulting heap corruption can lead to arbitrary code execution or denial of service, and the vulnerability is categorized as high severity by Chromium's security team.
Affected Systems
Google Chrome browsers running versions older than 150.0.7871.115 are affected by this vulnerability.
Risk and Exploitability
Attackers can exploit this issue by hosting a malicious HTML page and tricking users into interacting with it. The exploitation requires the user to engage in particular UI gestures, so it is a remotely triggered, user‑interaction‑dependent attack. While an exploit would target the victim’s local machine, the CVE is not listed in the CISA KEV catalog and EPSS data is unavailable, suggesting that exploitation is not yet observed at scale. The high CVSS score indicates that fully exploited, the impact would be complete system compromise.
OpenCVE Enrichment