Impact
Inappropriate handling of Views in Google Chrome on Linux allows an attacker who has already gained control of the renderer process to inject arbitrary scripts or HTML, resulting in user experience cross‑site scripting (UXSS). This flaw can enable malicious code execution within the renderer context and is classified as a high severity issue. The impact depends on the privileges of the compromised renderer; it can lead to data leakage, session hijacking, or further cross‑domain attacks if the injected scripts target surrounding resources.
Affected Systems
Affected are all Linux installations of Google Chrome whose build version is earlier than 149.0.7827.155. The vulnerability is specific to the Chrome renderer component and applies to standard desktop builds of Chrome on Linux. No Windows or macOS versions are impacted by this particular defect.
Risk and Exploitability
The CVSS score of 4.7 indicates a moderate severity, yet the EPSS score is less than 1%, indicating a low probability of observed exploitation. The vulnerability is not listed in the CISA KEV catalog, which further suggests that no known public exploits exist at the time of this analysis. Attackers would need to bundle this flaw with another vulnerability or social‑engineering technique to first compromise the renderer, after which arbitrary script or HTML injection becomes possible.
OpenCVE Enrichment
Debian DSA