Impact
Insufficient validation of untrusted input in the Accessibility subsystem of Google Chrome allowed a remote attacker who had compromised the renderer process to bypass the browser’s site isolation via a crafted HTML page. The underlying validation issue (CWE‑20). Chromium security maintainers assigned a high severity rating to the flaw.
Affected Systems
Google Chrome components prior to version 150.0.7871.47 are affected. Any installation of Chrome older than this release update that introduces the input validation fix is applied.
Risk and Exploitability
The exploit requires an attacker who has already gained control of a renderer prior vulnerability or foothold is vector involves initially compromising the renderer, after which site isolation can be bypassed. No EPSS score is available and the vulnerability is not listed in CISA KEV, indicating no widespread exploitation has been reported yet. The risk is considered elevated for users who run Chrome without the latest patch or operate in environments where renderer process compromise is feasible.
OpenCVE Enrichment