Impact
An inappropriate implementation in Chrome’s WebAppInstalls component allows a remote attacker to bypass the same‑origin policy through a crafted HTML page. Chromium rates the vulnerability as medium severity; it permits cross‑origin access to data or functionality that the browser should keep isolated. Without local access, the attacker could read or modify information stored by other origins, potentially compromising user data and application integrity.
Affected Systems
Google Chrome versions prior to 150.0.7871.47 are affected. The fix is included in Chrome 150.0.7871.47, which corrects the flaw in WebAppInstalls.
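A fleet check against the fixed build above, as an added example (not part of the advisory or of Chromium): it compares version strings numerically, because plain string comparison misorders builds such as 99.x or 150.0.7871.9. The host names and inventory lines are constructed sample data, and the function names are illustrative.

```python
import re

# First fixed build, taken from the advisory text.
FIXED = (150, 0, 7871, 47)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """'vulnerable' below FIXED, 'patched' at or above it, 'unknown' if unparseable."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # never count an unreadable entry as patched
    return "vulnerable" if v < FIXED else "patched"


def triage(inventory):
    """Map each host to its status for a list of (host, version_string) pairs."""
    return {host: classify(raw) for host, raw in inventory}


# Constructed inventory, shaped like collected `--version` output.
SAMPLE_INVENTORY = [
    ("host-a", "Google Chrome 149.0.7870.12"),
    ("host-b", "Google Chrome 150.0.7871.47"),
    ("host-c", "Google Chrome 99.0.4844.84"),   # "99" sorts after "150" as a string
    ("host-d", "Google Chrome 150.0.7871.9"),   # patch 9 < 47 numerically
    ("host-e", "Google Chrome 151.0.7900.3 beta"),
    ("host-f", "not installed"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```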
Risk and Exploitability
The CVSS score is not publicly disclosed, the EPSS score is unavailable, and the flaw is not listed in CISA’s KEV catalog. Based on Chromium’s medium severity rating, the same‑origin bypass poses a moderate to high risk to confidentiality and integrity if an attacker can deliver the crafted page to a targeted user. The likely attack vector is a remotely crafted HTML page served over the web to the victim’s browser, exploiting the missing access control in WebAppInstalls. No examples of exploitation have been reported, so the probability of exploitation remains uncertain, though the underlying weakness is significant.