Impact
An inappropriate Autofill implementation in Google Chrome lets a remote attacker craft an HTML page that, when a user performs specific UI gestures, causes the browser to present deceptive input fields. The attacker can force the user to submit sensitive data to an unintended destination. This vulnerability does not provide code execution but can compromise confidentiality through UI spoofing.
Affected Systems
The vulnerability affects Google Chrome. Versions earlier than 150.0.7871.47 are believed to be vulnerable, as indicated by the description. No additional product or version details are supplied.
Risk and Exploitability
Chromium rates the flaw as Medium severity. No CVSS or EPSS figures are available, and it is not listed in the CISA KEV catalog. Exploitation requires the user to visit a malicious page and carry out certain gestures, so the attack depends on social engineering and user interaction. The risk is moderate, with potential for credential leakage if the user is deceived.