Impact
Chrome’s Paint module processes pixel data from rendered web pages. A flaw in how the component accesses memory allowed a specially crafted HTML page to cause the driver to expose adjacent memory through a side‑channel, leaking data from other origins. The vulnerability hinges on a failure to isolate paint operations, leading to cross‑origin information exposure.
Affected Systems
Chrome versions earlier than 150.0.7871.47 on any operating system are affected, regardless of the user’s permissions. The issue is triggered only when the victim opens a malicious HTML page in the browser.
Risk and Exploitability
A remote attacker can exploit the flaw by delivering a crafted page via a website or email. The only action needed from the victim is loading that page. No EPSS score is published and the flaw is not listed in CISA’s KEV catalog, but the Chromium severity rating of Medium and the potential to compromise confidentiality make the risk moderate. No additional exploitation prerequisites are required beyond this page view.