Inappropriate handling of Views in Google Chrome on Linux allows an attacker who has already gained control of the renderer process to inject arbitrary scripts or HTML, resulting in user experience cross‑site scripting (UXSS). This flaw can enable malicious code execution within the renderer context and is classified as a high severity issue. The impact depends on the privileges of the compromised renderer; it can lead to data leakage, session hijacking, or further cross‑domain attacks if the injected scripts target surrounding resources.

Affected are all Linux installations of Google Chrome whose build version is earlier than 149.0.7827.155. The vulnerability is specific to the Chrome renderer component and applies to standard desktop builds of Chrome on Linux. No Windows or macOS versions are impacted by this particular defect.

The overall CVSS score is high, but the EPSS score is reported as less than 1%, indicating a low probability of currently observed exploitation. Nevertheless, because the exploit requires a local or prior compromise of the renderer process, the attack surface is limited yet serious for systems that allow untrusted content to be rendered. The vulnerability is not listed in the CISA KEV catalog, which further suggests that no known public exploits exist at the time of this analysis. Attackers would need to bundle this flaw with another vulnerability or social‑engineering technique to first compromise the renderer, after which arbitrary script or HTML injection becomes possible.