Impact
An inappropriate handling of form data in Google Chrome before version 150.0.7871.115 permits a malicious web page to cause the browser to execute arbitrary code within its sandbox. The vulnerability is a form‑related bug that can lead to the compromise of executable context while still maintaining the sandbox boundaries, effectively allowing the attacker to trigger code that runs with the privileges of the user’s Chrome process. Because browsers enforce integrity and confidentiality boundaries through sandboxing, a successful exploit would likely give the attacker significant control over the victim’s system, including the ability to read files, modify settings, and carry out further attacks. The weakness is consistent with code injection or improper input validation defects (CWE‑94).
Affected Systems
The flaw affects Google Chrome installed on desktop operating systems that had not yet updated to version 150.0.7871.115 or any later revision addressing the issue. No specific operating systems are mentioned, but the vulnerability exists in the desktop Chrome browser across all supported platforms until the security patch is applied.
Risk and Exploitability
The attack vector is inferred to be remote; an attacker simply needs to serve a crafted HTML page that the user visits, which can then exploit the flaw. The Chromium security team has classified the issue as high severity, indicating a potentially serious impact. At present no EPSS score is published and the vulnerability is not listed in the CISA KEV catalog, suggesting that active exploitation may not yet be widespread. Nonetheless, the combination of high severity and the ability to trigger remote code execution within a user’s browser session warrants immediate attention and patching. The CVSS score is not provided in the public data, but the high severity rating alone signals a significant risk.
OpenCVE Enrichment