Impact
This vulnerability is an insufficient validation of untrusted input in the GPU subsystem of Google Chrome on Windows versions older than 150.0.7871.47. A remote attacker who has already compromised the renderer process can use a crafted HTML page to read sensitive data from that process’s memory, potentially exposing confidential information. The flaw is an input validation weakness (CWE‑20) and is classified as Medium by Chromium security severity.
Affected Systems
The defect affects Google Chrome on Windows browsers running versions prior to 150.0.7871.47. No other vendor or product variations are indicated.
Risk and Exploitability
The flaw carries a medium severity rating with a CVSS score of 5.3. There is no EPSS score available and it is not listed in CISA KEV. Exploitation requires that the attacker already has control of the renderer process; once this is the case the attacker can read that process’s memory via a crafted page. The vulnerability does not provide remote code execution or system‑wide compromise on its own, but it exposes valuable information for further attacks.
OpenCVE Enrichment