Impact
A use‑after‑free flaw in the Payments component of Google Chrome allows a remote attacker to craft an HTML page that, when a user performs specific UI gestures, can corrupt the heap. This heap corruption could enable the attacker to execute arbitrary code or tamper with data, compromising the confidentiality, integrity, and availability of the affected system. The weakness is a classic use‑after‑free subject to CWE‑416. Based on the official Chromium severity rating, the vulnerability is considered high.
Affected Systems
The flaw affects all installations of Google Chrome using versions prior to 150.0.7871.115. No more granular version information is provided in the data, so all earlier releases are considered vulnerable.
Risk and Exploitability
The CVSS details are not supplied, and EPSS scores are unavailable, meaning the current exploitation likelihood cannot be quantified from the data. The vulnerability is not listed in the CISA KEV catalog. The attack requires the victim to open a maliciously crafted page and engage with specific UI gestures, implying that user interaction is necessary. Despite the high severity rating, data on exploitation prevalence and evidence of active campaigns is absent.
OpenCVE Enrichment