Impact
An inappropriate implementation in the Android WebView component of Google Chrome allowed a remote attacker to read cross-origin data via a crafted HTML page, exposing sensitive information to an unauthorized party. The attacker gains unintended access to data from other origins, compromising the confidentiality of those resources. Chromium's internal severity assessment classifies the weakness as medium severity.
Affected Systems
Google Chrome for Android versions prior to 149.0.7827.53 are affected. The flaw exists specifically in the WebView functionality used by Chrome, and therefore any Android device running one of the listed versions may be vulnerable if it hosts or allows execution of the malicious HTML page.
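To find clients that still report an affected build, the version threshold above can be applied to User-Agent strings in web access logs. The following is an added example, not part of the advisory or of any vendor tooling. It assumes combined-format logs, assumes the `Chrome/` token reflects the installed build, and uses constructed log lines. User-Agent values are client-supplied, so treat the result as an inventory hint rather than proof.

```python
import re
from collections import Counter

FIXED = (149, 0, 7827, 53)  # first unaffected build, taken from the advisory
CHROME_RE = re.compile(r"Chrome/(\d+)\.(\d+)\.(\d+)\.(\d+)")
OTHER_BRANDS = ("EdgA/", "SamsungBrowser/", "OPR/")  # Chromium-based, not Google Chrome
UA_FIELD_RE = re.compile(r'"([^"]*)"\s*$')  # last quoted field of a combined-format line

def classify(ua):
    """Return (component, status) for one User-Agent string."""
    m = CHROME_RE.search(ua)
    if "Android" not in ua or m is None or any(b in ua for b in OTHER_BRANDS):
        return ("other", "not-applicable")
    component = "webview" if "; wv)" in ua else "chrome"
    version = tuple(int(p) for p in m.groups())
    # A reduced User-Agent reports MAJOR.0.0.0, so the build number is hidden
    # and only the major version can be compared.
    if version[1:] == (0, 0, 0):
        if version[0] == FIXED[0]:
            return (component, "unknown")
        return (component, "affected" if version[0] < FIXED[0] else "fixed")
    return (component, "affected" if version < FIXED else "fixed")

def triage(log_lines):
    """Count (component, status) pairs across access-log lines."""
    counts = Counter()
    for line in log_lines:
        m = UA_FIELD_RE.search(line)
        if m:
            counts[classify(m.group(1))] += 1
    return counts

# Constructed sample lines (documentation IP ranges, made-up devices and builds).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2030:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8 Build/AAAA.000000.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/148.0.7700.10 Mobile Safari/537.36"',
    '192.0.2.11 - - [01/Jan/2030:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.7827.53 Mobile Safari/537.36"',
    '192.0.2.12 - - [01/Jan/2030:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Mobile Safari/537.36"',
    '192.0.2.13 - - [01/Jan/2030:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 13; SM-X000) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.7827.52 Mobile Safari/537.36"',
    '198.51.100.5 - - [01/Jan/2030:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36"',
    '198.51.100.6 - - [01/Jan/2030:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Mobile Safari/537.36 EdgA/140.0.0.0"',
]

if __name__ == "__main__":
    for key, n in sorted(triage(SAMPLE_LOG).items()):
        print(key, n)
```

Entries reported as `unknown` carry a reduced User-Agent at the fixed major version and need a device-side version check to resolve.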
Risk and Exploitability
The vulnerability is exploitable remotely through a crafted web page, so an attacker needs only to entice a user to visit or load the page. No EPSS score is available, so the current exploit probability cannot be quantified; the lack of a KEV listing suggests that no widespread exploitation has been reported to date. The medium severity rating indicates that the impact is significant but not catastrophic, and the attack remains feasible until a patch is available.