Impact
A weakness in the spellcheck component of Google Chrome allows an attacker who has already compromised the renderer process to read data from process memory. The vulnerability does not allow the attacker to execute arbitrary code; rather, it enables the retrieval of potentially sensitive information such as user data, browser state, or other memory contents. Because the attacker needs a foothold in the renderer, the impact is limited to situations where local or remote code execution in that process has already occurred, but the information leak can still pose significant privacy risks.
Affected Systems
All releases of Google Chrome prior to version 150.0.7871.47 are affected. The issue exists only in the Chromium-based stable channel before this patch release. No other vendors or products are implicitly impacted by this specific flaw.
Risk and Exploitability
The CVSS score is not provided, but the description indicates medium severity. The attacker must first compromise the renderer, a task that might be achieved through exploitation of other bugs or social engineering. Once inside the renderer, the memory read can be performed via a crafted HTML page. No EPSS score is available, and the vulnerability is not listed in CISA KEV. Given the requirement of prior renderer compromise, the risk is moderate, but the potential for privacy loss makes timely patching advisable.
OpenCVE Enrichment