The vulnerability lies in the Safe Browsing component of Google Chrome, where an inappropriate implementation allows a remote attacker to bypass the Safe Browsing protection when handling a malicious file. The weakness permits a malicious file to be considered safe by the browser, enabling the user to download or open it without the usual warning, potentially allowing malware execution. The impact is that a user could unknowingly install software that has been flagged as dangerous by the Safe Browsing database, which undermines the browser's security guarantees and could lead to compromise of the host system.

Google Chrome – any version prior to 149.0.7827.53 is affected. No other product or vendor is listed as impacted.

Chromium rates the issue as low severity, but the ability to bypass Safe Browsing can still facilitate malicious file exposure on the user’s machine. Without an EPSS figure or KEV listing, the precise likelihood of exploitation is uncertain, yet the attack vector remains accessible to a remote attacker through delivery of a malicious file, such as via phishing or compromised websites. The risk level can be considered moderate because the vulnerability depends on user interaction but can still lead to effective malware installation. The lack of a KEV listing indicates no widespread exploitation has been documented at this time.