Impact
A vulnerable implementation in Chrome’s multimedia codecs allows a remote attacker to supply a crafted video file that triggers an out‑of‑bounds read and write. The resulting heap corruption could be leveraged for code execution or other adverse effects, and the vulnerability has been rated as a high‑severity issue by Chromium’s security team.
Affected Systems
Google Chrome products on all platforms, for all desktop versions earlier than 150.0.7871.115, are affected. Any installation that downloads or renders a malicious video file may be compromised.
Risk and Exploitability
The EPSS score is not available and the CVE is not listed in CISA’s KEV catalog, but the vulnerability’s high severity rating indicates a serious risk. Exploitation requires the attacker to convince a user to play a malicious video, either through a website or a local file. No public exploit has been reported yet, but the vulnerability’s mechanics make it a reasonable target for advanced adversaries.
OpenCVE Enrichment