Impact
A use‑after‑free flaw in Chrome’s Core rendering engine on Windows allows an attacker who has already compromised the renderer process to escape the browser sandbox. The vulnerability, identified as CWE‑416, could let malicious code gain privileges beyond the renderer, potentially leading to arbitrary code execution on the host. Chromium labels this flaw as high severity.
Affected Systems
Google Chrome for Windows versions earlier than 150.0.7871.115 are affected. The issue does not impact other operating systems or Chrome releases newer than the stated version.
Risk and Exploitability
The EPSS score is not available and Chrome is not listed in the CISA KEV catalog, so exploitation likelihood is unclear. However, the flaw requires a pre‑existing compromise of the renderer process and the delivery of a crafted HTML page. If an attacker can attain the renderer, they could use the bug to escape the sandbox, gaining local privilege escalation. The lack of a publicly known exploit suggests monitoring and updating should be prioritized.
OpenCVE Enrichment