Impact
The vulnerability is an inappropriate implementation in Google Chrome's Password Manager that lets a remote attacker leak cross-origin data when a user visits a specially crafted HTML page. The affected component can expose stored password information to a malicious site, resulting in potential identity theft or credential compromise. This weakness is an information-exposure flaw: it allows an attacker to retrieve data that should remain private to the origin it belongs to.
Affected Systems
Google Chrome versions prior to 149.0.7827.53 are impacted. The flaw affects all users running any desktop Chrome build before the specified version, regardless of operating system, because the Password Manager component is common across releases.
Risk and Exploitability
The CVSS score is omitted from the data, but the Chromium project rates the issue as medium severity. The EPSS score is unavailable, and the vulnerability is not listed in the CISA KEV catalog, suggesting that no widespread exploitation has been confirmed. The likely attack vector is remote: an attacker can host a malicious website that loads a crafted HTML page, forcing the vulnerable Password Manager to disclose cross‑origin data. No additional prerequisites are stated, so the threat can be realized as long as the vulnerable Chrome version is installed and the user visits such a page.
OpenCVE Enrichment