Impact
This vulnerability is a use‑after‑free flaw in the InterestGroups mechanism of Google Chrome. The freed memory pointer can be accessed, allowing an attacker to execute arbitrary code within the browser’s sandbox. The weakness, classified as CWE‑416, yields code execution when a user loads a specially crafted web page.
Affected Systems
Google Chrome browsers with versions earlier than 150.0.7871.115. The issue affects all platforms that ship with this Chromium build, including Windows, macOS, Linux, and Chrome OS.
Risk and Exploitability
The CVSS score is high, reflecting the severity of the flaw. No EPSS score is available, and the vulnerability is not listed in CISA KEV. An attacker can trigger the flaw by delivering a crafted HTML page to a user, so the attack vector is the web content channel. Successful exploitation leads to code execution inside the sandbox, potentially permitting higher‑privilege actions through a sandbox escape.
OpenCVE Enrichment