Impact
The vulnerability is a use‑after‑free bug in Chrome’s Views component that can be triggered by a specially crafted HTML page. This flaw corrupts heap memory used by the browser process, potentially allowing an attacker to execute arbitrary code with the same privileges as the user running Chrome. The weakness is classified as CWE‑416, a heap use‑after‑free condition.
Affected Systems
Google Chrome versions before 150.0.7871.115 are affected. The issue applies to all desktop builds of Chrome released prior to that version, regardless of the operating system.
Risk and Exploitability
Chromium rates this issue as Critical, underscoring a high potential impact. The EPSS score is less than 1 %, indicating a low current probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, requiring a user to open a malicious web page; thus exploitation depends on user interaction. Despite the low EPSS, the combination of a heap corruption flaw and high severity suggests that the overall risk remains significant.
OpenCVE Enrichment