Impact
An improper implementation of CSS parsing in Google Chrome allows a remote attacker to bypass the browser’s same‑origin policy through a specially crafted HTML page. This flaw, rated as high severity by Chromium, can let malicious content read or interact with resources from other origins, exposing data or facilitating further attacks such as cross‑site scripting or credential theft.
Affected Systems
The vulnerability affects all installations of Google Chrome on the stable channel with versions earlier than 150.0.7871.47. Any user running those versions is susceptible until the patch is applied.
Risk and Exploitability
Because the flaw is remotely exploitable and triggered by a crafted HTML page, an attacker only needs to host or send malicious content that a user views in a vulnerable browser. While no EPSS score is currently available and the issue is not listed in CISA’s KEV catalog, the breach of the same‑origin boundary makes the flaw highly valuable to attackers. If the user visits the malicious page, an attacker could read or modify data from other domains, potentially leading to data breaches or defacement. The attack surface is broad, affecting every user of the vulnerable Chrome releases.