Impact
An out‑of‑bounds read flaw in the Layout component of Google Chrome allows a remote attacker to craft an HTML page that can read arbitrary data from the browser process’s memory. The vulnerability can cause disclosure of sensitive information, potentially including user secrets, credentials, or cryptographic keys. The weakness is an improper input validation that permits an attacker to read beyond allocated buffers, leading to information leakage.
Affected Systems
Google Chrome browsers built on the Chromium engine whose versions are older than 150.0.7871.47 are affected. No specific builds or platforms are excluded in the advisory; all desktop operating systems that run the vulnerable browser should be considered at risk.
Risk and Exploitability
The advisory lists the issue as medium severity. EPSS data is not available, and the vulnerability is not in the CISA KEV catalog, so the public exploitation probability is unknown. The attack requires delivering a crafted HTML page to the victim, which could be accomplished via a malicious website or phishing email. If an attacker succeeds, they can read from the browser’s memory, leading to a potential compromise of user information. The risk is mitigated by applying the vendor’s patch, as no public exploits have been reported.
OpenCVE Enrichment