Impact
In Google Chrome versions prior to 150.0.7871.47, a flaw in the CSS implementation permits a crafted HTML page to manipulate the browser's rendering of UI elements, effectively allowing an attacker to perform UI spoofing. Attackers can use this to trick users into interacting with fake controls, enabling phishing or credential theft. The vulnerability is rated high severity by Chromium security.
Affected Systems
The affected product is Google Chrome, specifically all builds before version 150.0.7871.47.
Risk and Exploitability
An attacker can exploit the flaw remotely by hosting a malicious HTML page and enticing a user to visit it. No public exploit has been documented and the vulnerability is not listed in CISA's KEV catalog. The EPSS score is unavailable, so the likelihood of exploitation in the wild is unknown, but the high severity and ease of triggering through a simple web page suggest a significant risk to users on affected versions.