Impact
The vulnerability is insufficient policy enforcement in Google Chrome’s Network module. An attacker positioned in a privileged network environment can bypass navigation restrictions by serving a crafted HTML page. This flaw allows a user to visit URLs that should be blocked, effectively breaking the browser’s navigation policy. The issue is rated Medium severity by Chromium security, but no CVSS score is publicly available. The weakness can be classified as improper authorization (CWE-285).
Affected Systems
Google Chrome desktop versions earlier than 150.0.7871.47 are affected; versions 150.0.7871.47 and later contain the fix.
Risk and Exploitability
EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. The attack vector requires an attacker to be positioned in a privileged network segment and to serve a crafted HTML page. Although no quantitative risk metrics are provided, circumventing navigation restrictions is a serious policy violation that warrants timely mitigation.
OpenCVE Enrichment