Impact
In Chrome for macOS versions prior to 150.0.7871.47, an incorrect handling of password data in the browser's password manager allows a local attacker who can create or influence a malicious file to read sensitive information from Chrome’s process memory. This memory disclosure can expose stored credentials or other confidential data, representing a clear information‑exposure vulnerability.
Affected Systems
The affected product is Google Chrome running on macOS. Any install of Chrome with a build number earlier than 150.0.7871.47 is vulnerable. No specific minor or patch releases are listed in the CNA data.
Risk and Exploitability
Because the flaw requires a local attacker to supply a malicious file, broader network exploitation is not possible. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalogue. Chromium rates the severity of the bug as Medium, indicating a moderate risk that could still lead to credential theft if an attacker gains local access. The condition remains that the user interacts with a compromised file or application that can trigger the memory read path.
OpenCVE Enrichment