Impact
This vulnerability arises from an improper check in Chromecast within Google Chrome, enabling an attacker who has already compromised the rendering engine to serve a specially crafted HTML page that can override navigation limits. The flaw allows the attacker to reform navigation controls, thereby potentially redirecting users or triggering unintended actions without their consent. The weakness falls under CWE‑20, reflecting unsafe handling of input that bypasses defined security constraints.
Affected Systems
The issue affects Google Chrome versions prior to 150.0.7871.47 on all platforms that use the Chromecast component. Users running these earlier builds with the Chromecast feature enabled are at risk.
Risk and Exploitability
The available data does not include a CVSS or EPSS score, and the vulnerability is not listed in the CISA KEV catalog, indicating limited public evidence of exploitation. The attack requires prior compromise of the renderer process, a condition that is generally harder to achieve than a simple remote request; however, once achieved, the attacker can immediately bypass navigation restrictions. The Chromium severity is labeled Medium, suggesting that while the flaw is significant, it may not provide immediate full system compromise without additional foothold.
OpenCVE Enrichment