Impact
The vulnerability resides in Chrome's input handling on Linux in versions released before 150.0.7871.47. A crafted HTML page can cause the browser to leak potentially sensitive data from its process memory. The flaw is an inappropriate implementation of input validation that allows a remote attacker to read portions of the process memory, exposing confidential information.
Affected Systems
Google Chrome browsers operating on Linux platforms with versions earlier than 150.0.7871.47 are affected. Users running the stable channel prior to this update are at risk; newer releases beyond 150.0.7871.47 are not impacted.
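To check Linux hosts against the version boundary above, the following added example (not part of the original advisory) classifies Chrome version strings relative to 150.0.7871.47. The inventory format, host names and sample versions are constructed for illustration.

```shell
#!/bin/sh
# Fixed version as stated in the advisory; earlier Linux builds are affected.
FIXED_VERSION="150.0.7871.47"

# Pull the first four-part version out of text such as the output of
# `google-chrome --version`. Prints nothing when no version is present.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeeds when version $1 is strictly lower than $2. Fields are compared
# numerically, so 150.0.999.1 sorts below 150.0.7871.47.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are already fixed
    }'
}

# Prints "vulnerable", "fixed" or "unknown" for one version string.
classify_chrome() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# Reads "host<TAB>version text" lines on stdin and prints "host status".
audit_inventory() {
    while IFS="$(printf '\t')" read -r host text || [ -n "$host" ]; do
        [ -n "$host" ] && printf '%s %s\n' "$host" "$(classify_chrome "$text")"
    done
    return 0
}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY="$(printf 'ws-01\tGoogle Chrome 149.0.7800.12\nws-02\tGoogle Chrome 150.0.7871.47\nws-03\tGoogle Chrome 150.0.999.1 beta\nws-04\tnot installed')"
```

Feed it real data with `printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory`, replacing the sample with one line per Linux host; hosts reported as `unknown` need a manual check rather than being treated as fixed.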
Risk and Exploitability
Chromium rates the security severity of this CVE as High. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog, indicating a moderate but still significant risk. The likely attack vector is remote: a malicious web page is served to a victim's Chrome instance, so the attacker must convince the user to navigate to this page or embed the victim via an active network session. No prerequisites beyond the presence of a vulnerable Chrome version are stated.
OpenCVE Enrichment