Impact
The vulnerability stems from insufficient policy enforcement in the Glic component of Google Chrome. A remote attacker can craft an HTML page designed to bypass the browser's navigation restrictions, allowing the victim to navigate to URLs that would normally be blocked. The result is a compromise of the user’s navigation control, which can be used for phishing, illicit redirects, or other malicious content delivery. Chromium rates the severity of this flaw as Medium.
Affected Systems
Google Chrome versions earlier than 150.0.7871.47 are susceptible. The issue is limited to the Chrome desktop client; no specific platform distinctions are mentioned.
Risk and Exploitability
The flaw requires the victim to open a specially crafted HTML page, which could be delivered over the web, email, or local file. Because the EPSS score is not available and the vulnerability is not listed in KEV, the known exploitation probability appears low, though the medium severity rating signals a nontrivial risk. Attackers could exploit this by creating malicious sites or embedding the exploit in phishing emails, leveraging the browser’s policy bypass to trick users into visiting otherwise blocked URLs.
OpenCVE Enrichment