Impact
The vulnerability is an uninitialized use flaw in the V8 JavaScript engine that allows a remote attacker to execute arbitrary code inside a sandboxed process when a user loads a specially crafted HTML page. The attack compromises the sandbox boundaries, giving the attacker the same privileges as the browser process and potentially enabling further escalation. The weakness is identified as CWE-457, reflecting the improper initialization of a variable before use.
Affected Systems
Google Chrome browsers are affected, specifically all versions prior to 150.0.7871.115 as noted by the vendor. No additional affected product versions are listed in the available data.
Risk and Exploitability
Chromium reports the severity as High, yet the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating that widespread exploitation has not yet been observed. The likely attack vector is through a malicious web page that the user visits or that is injected into a legitimate site. Successful exploitation requires user interaction to load the page, after which the attacker can run code within the sandbox with the same rights as the browser. Given the high severity assessment, the potential impact is significant, though actual exploitation risk remains uncertain due to lack of EPSS data.
OpenCVE Enrichment