Impact
An insufficient validation of untrusted input in ANGLE, the abstraction layer used by Chrome for graphics rendering, allows a memory read from the renderer process. This leads to potential leakage of sensitive information stored in process memory. The vulnerability is classified as medium severity by Chromium. The primary impact is the exposure of data that the attacker could use for further compromise or user privacy violation.
Affected Systems
The defect affects Google Chrome in all editions before 150.0.7871.47. Any user running a vulnerable version is at risk when a malicious or compromised renderer process is able to execute crafted HTML. The vulnerability is vendor‑specific to Chrome, with no other products listed. The problem was discovered in the ANGLE component of Chrome's rendering pipeline.
Risk and Exploitability
The CVSS score of 5.3 reflects medium severity for this vulnerability. EPSS is not available, and the flaw is not listed in the CISA KEV catalog. Because exploitation requires the attacker to have already compromised the renderer process, the attack vector is not a purely remote or user‑facing attack; it is effectively a privilege escalation within the browser context. The overall risk is medium; an exploit would be practical only in environments where renderer isolation is already bypassed.
OpenCVE Enrichment