Impact
An out-of-bounds read in the Codecs component of Google Chrome allowed a remote attacker to obtain potentially sensitive data from process memory through a specially crafted HTML page. This vulnerability, identified as CWE-125, enables the retrieval of information that should not be exposed, compromising confidentiality.
Affected Systems
Google Chrome versions prior to 150.0.7871.47 are affected. Any installation of the affected browser running on any operating system can be exploited if the user visits a malicious site containing a crafted page.
Risk and Exploitability
The vulnerability has a medium severity and no EPSS data is currently available. It is not listed in the CISA KEV catalog. The attack vector is remote, requiring the user to load a crafted HTML page in the browser. Exploitation requires no additional privileges and can be executed without user interaction beyond visiting the malicious page.
OpenCVE Enrichment