Impact
The vulnerability is an out‑of‑bounds read in the Skia graphics library used by Google Chrome on macOS. When triggered, it allows a malicious renderer process to read memory beyond a buffer and disclose cross‑origin data. The weakness is a classic CWE‑125 flaw leading to confidentiality compromise of information that should be protected by the same‑origin policy.
Affected Systems
Google Chrome (Chromium) released for macOS before version 150.0.7871.47 is affected. Any Chrome build older than this may allow the exploit if an attacker can compromise the renderer process.
Risk and Exploitability
Chromium classifies the issue as High severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to first compromise the renderer process, which is a prerequisite for the out‑of‑bounds read. Therefore, while the potential impact is significant, the likelihood is limited to scenarios where the renderer is already subverted.
OpenCVE Enrichment