Impact
A flaw in the Enterprise build of Google Chrome prior to 150.0.7871.47 allows a remote attacker to read data from the browser’s process memory when a crafted HTML page is loaded. The vulnerability can expose potentially sensitive information, and Chromium’s security team rates it as high severity. No CVSS score is available; the flaw is an information-exposure weakness (CWE-200).
Affected Systems
Google Chrome Enterprise users running any Chrome version older than 150.0.7871.47 are affected. The issue does not apply to later releases that incorporate the fix.
Risk and Exploitability
The attack vector appears to be a malicious or compromised web page that delivers the crafted content to the victim’s browser. Because the flaw is triggered by HTML parsing, a remote attacker can target any machine on which Chrome renders an uncontrolled or untrusted web page. The exploit does not depend on local user actions beyond visiting the page, and the vulnerability is a high-severity memory disclosure. No EPSS score is available, and the vulnerability is not currently listed in CISA’s KEV catalog.