Impact
The vulnerability is insufficient validation of untrusted input in the Chrome WebUI component. A remote attacker can supply malicious network traffic that causes Chrome to treat the traffic as trusted input, enabling the browser to read and expose data from a different origin that should be protected. This leads to confidential data leakage, potentially giving attackers access to sensitive user information or secrets stored in the browser.
Affected Systems
The issue affects Google Chrome versions earlier than 150.0.7871.47, including all major releases up to that point. Any user running an affected Chrome build on a desktop platform is susceptible when the WebUI is active and exposed to untrusted network traffic.
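The affected-version rule above can be applied to a software inventory as follows. This is an added example, not part of the advisory or of any OpenCVE or Chrome tooling; the hostnames, the inventory format and the function names are assumptions, and the sample data is constructed.

```python
import re

# Fixed build taken from the advisory text above.
FIXED_BUILD = (150, 0, 7871, 47)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Return the four-part Chrome version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Classify one reported version string against the fixed build."""
    version = parse_chrome_version(version_text)
    if version is None:
        return "unknown"  # unparseable entries need manual follow-up, not a pass
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "99.0.4844.51" above "150.0.7871.47".
    return "affected" if version < FIXED_BUILD else "fixed"


def triage(inventory):
    """Group hosts by classification: affected, fixed, or unknown."""
    groups = {"affected": [], "fixed": [], "unknown": []}
    for host, version_text in inventory.items():
        groups[classify(version_text)].append(host)
    return groups


# Constructed sample inventory (hostnames and reported strings are made up).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 150.0.7871.47",
    "ws-002": "Google Chrome 150.0.7871.46",
    "ws-003": "99.0.4844.51",
    "ws-004": "Google Chrome 151.0.7900.12",
    "ws-005": "chrome (version not reported)",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" group should be checked by hand rather than assumed patched.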
Risk and Exploitability
The vulnerability is rated Medium by Chromium security, but no CVSS score is provided. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, indicating it has not been widely exploited yet. Nonetheless, a remote attacker could trigger the flaw by delivering malicious traffic that reaches the Chrome WebUI, making the risk moderate but still significant for organizations that rely on Chrome for secure browsing.
OpenCVE Enrichment