Impact
Google Chrome on Android was found to perform insufficient validation of untrusted input when handling file input operations. A crafted HTML page could exploit this weakness to read data from other origins, resulting in cross‑origin information leakage. The flaw is a classic example of improper input validation (CWE‑20) and was rated high in Chromium’s internal severity scoring.
Affected Systems
The vulnerability applies to Google Chrome for Android versions earlier than 150.0.7871.47. Users of these releases on any Android device are at risk. Google recommends updating to the 150.0.7871.47 stable channel or newer to remove the flaw.
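A fleet check for the version boundary stated above, as an added example that is not part of the original advisory: it reads the `versionName` line from `adb shell dumpsys package com.android.chrome` output and compares it numerically against 150.0.7871.47. The device labels and dumpsys excerpts are constructed samples, and treating the first `versionName` line as the active package is an assumption.

```python
import re

# First fixed build, taken from the advisory text above.
FIXED = (150, 0, 7871, 47)

# Matches a line such as "    versionName=150.0.7871.47" in dumpsys output.
VERSION_RE = re.compile(r"^[ \t]*versionName=(\d+(?:\.\d+){3})[ \t]*$", re.MULTILINE)

# Constructed sample inventory (hypothetical device labels, not real devices).
SAMPLE = {
    "device-a": "Packages:\n  Package [com.android.chrome]:\n    versionName=150.0.7871.47\n",
    "device-b": "Packages:\n  Package [com.android.chrome]:\n    versionName=150.0.7871.46\n",
    # A string comparison would wrongly rank "99..." above "150...".
    "device-c": "Packages:\n  Package [com.android.chrome]:\n    versionName=99.0.1000.10\n",
    "device-d": "Packages:\n  Package [com.android.chrome]:\n    versionName=151.0.1.1\n",
    "device-e": "Unable to find package: com.android.chrome\n",
}


def parse_version(dumpsys_text):
    """Return the Chrome version as a 4-tuple of ints, or None if not found.

    Assumption: the first versionName line describes the active package.
    """
    match = VERSION_RE.search(dumpsys_text)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def triage(inventory):
    """Map each device to 'vulnerable', 'patched' or 'unknown'."""
    report = {}
    for device, text in inventory.items():
        version = parse_version(text)
        if version is None:
            report[device] = "unknown"  # Chrome missing or output unparseable
        elif version < FIXED:           # tuple comparison is numeric per field
            report[device] = "vulnerable"
        else:
            report[device] = "patched"
    return report


if __name__ == "__main__":
    for device, status in sorted(triage(SAMPLE).items()):
        print(f"{device}: {status}")
```

Devices reported as unknown need manual follow-up rather than being counted as patched.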
Risk and Exploitability
Chromium assigns the vulnerability a high severity. The issue is not listed in CISA’s KEV catalog, suggesting limited current exploitation data. Exploitation requires a crafted HTML page, local or remote, and a user who opens it in the affected browser. Once the flaw is triggered, the attacker can read cross‑origin data, potentially compromising user privacy and sensitive application data.