Impact
Inappropriate implementation in the Document Object Model of Google Chrome versions prior to 150.0.7871.115 can trigger heap corruption when a specially crafted HTML page is parsed. The corruption can lead to arbitrary code execution, data compromise, or denial of service, allowing a remote attacker to gain full control of the victim’s system. The issue is a result of insufficient bounds checking during DOM processing and has been classified as High by Chromium.
Affected Systems
Any installation of Google Chrome that is older than 150.0.7871.115 is vulnerable. This includes all platforms—Windows, macOS, Linux, and ChromeOS—where the stable channel distribution is used. No other browsers or vendors are cited, so only Chrome users of obsolete builds are at risk.
Risk and Exploitability
The CVSS score is not provided, but Chromium rated the vulnerability as High. The EPSS score is unavailable, so a precise exploitation probability cannot be calculated; however, the need to deliver a malicious HTML page indicates the attack vector is a remotely hosted webpage, email attachment, or other HTML rendering mechanism. The vulnerability is not listed in CISA KEV, implying no confirmed mass exploitation has occurred yet, but the potential for arbitrary code execution makes it a serious security concern.
OpenCVE Enrichment