Impact
The flaw lies in how Google Chrome processes password‑related navigation restrictions. A maliciously crafted HTML page can cause the browser to ignore these restrictions, allowing a remote attacker to direct a user to arbitrary URLs without the user’s knowledge or consent. This bypass enables phishing, malware delivery, or other unwanted content. It is an improper enforcement of the browser’s navigation constraints, and Chromium classifies it as "High" severity.
Affected Systems
Google Chrome builds earlier than 150.0.7871.47 are affected. The notification does not specify which operating systems are impacted; it applies to any platform that runs the affected Chrome version.
Risk and Exploitability
Chromium’s high severity rating indicates a serious risk. No CVSS score is published; EPSS is unavailable, and the flaw is not listed in CISA’s KEV catalog. An attacker only needs to host or serve a crafted page, meaning the attack can be carried out remotely from any location. The vulnerability requires no local code execution; once the victim opens the malicious page, the bypass is triggered via the browser’s navigation logic.