Severity by source
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Network-delivered crafted page (AV:N/UI:R) but requires a prior renderer compromise making it high-complexity (AC:H); the sandbox-boundary crossing is S:C with full C/I/A impact.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Sandbox escape in Google Chrome on Windows prior to 150.0.7871.115 allows an attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page, chaining a codec input-validation flaw into higher-privileged host-process compromise. The bug is rated High by Chromium and carries a CVSS 8.3 with a scope-changing vector reflecting the sandbox-boundary crossing. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the attacker has ALREADY compromised Chrome's renderer process (a prior, separate renderer RCE) and can deliver crafted media/HTML through the Codecs subsystem - this is a chained sandbox-escape stage, not a standalone bug. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H = 8.3) signals network reachability with high attack complexity and required user interaction, yielding high confidentiality, integrity and availability impact across a changed scope. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A victim on an unpatched Chrome for Windows visits an attacker-controlled web page that first exploits a separate renderer vulnerability to gain code execution inside the sandboxed renderer, then feeds crafted media to the codec path to escape the sandbox and run code in a higher-privileged Chrome process. No public POC is referenced, and the high attack complexity plus required user interaction and prerequisite renderer compromise make this a targeted, multi-stage attack rather than a trivial drive-by. |
| Remediation | Vendor-released patch: Chrome 150.0.7871.115 for Windows - upgrade to this build or later via Chrome's built-in updater (chrome://settings/help) and relaunch to apply, which is the primary and complete fix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Windows systems running Chrome versions prior to 150.0.7871.115 and communicate mandatory patch requirement to users. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42451
GHSA-mgx7-w737-hvvj