Impact
A side‑channel vulnerability in Chrome’s scrolling logic allows a remote attacker to read data from other origins when the victim loads a malicious web page. The flaw is triggered by specially crafted HTML and can expose cookies, local storage or other sensitive data that is normally protected by the same‑origin policy. The weakness is classified as CWE‑1300, indicating information disclosure. The potential impact is that an attacker could exfiltrate confidential data viewed by the victim without their knowledge.
Affected Systems
The vulnerability affects Google Chrome browsers prior to version 150.0.7871.47. Any installation of Chrome on a build earlier than that is susceptible. No specific platform details are provided, so the issue applies broadly to desktop editions of Chrome.
Risk and Exploitability
Chromium rates the severity as High, though a CVSS score is not supplied. The EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog, suggesting that no widespread exploitation is documented yet. The likely attack vector involves a victim visiting a crafted web page; thus it requires user interaction. While the risk is significant for exposed data, the lack of public exploitation data and the need for user interaction somewhat reduce the immediate threat level. Regular users should treat the vulnerability as serious and proceed with remediation.