Impact
Improper handling of network traffic in Google Chrome before 150.0.7871.47 allowed an attacker in a privileged network position to inject or modify data in transit, circumventing the browser's Content Security Policy. This bypass permits the loading or execution of scripts and resources that would normally be blocked, potentially allowing malicious code to run in the context of a web page and compromise information integrity or enable further exploitation.
Affected Systems
Google Chrome versions earlier than 150.0.7871.47 are affected on all desktop operating systems supported by the browser. No specific operating‑system restrictions were disclosed.
Risk and Exploitability
The vulnerability has a CVSS score of 6.5, indicating medium severity. Its EPSS score is less than 1%, pointing to a low probability of exploitation in the wild, and it is not listed in the CISA KEV catalog. Exploitation requires an attacker with privileged control over network traffic, so it is limited to environments where an adversary can intercept or inject data. While the potential impact of bypassing CSP can be significant, allowing script injection or the loading of unauthorized content, the realistic risk is moderate due to the low exploitability likelihood and the requirement for a privileged network position.