Impact
A weakness in the input validation logic within Chrome’s Network component allows a remote attacker who has already compromised the renderer process to serve a specially crafted HTML page that overrides the browser’s navigation restrictions. This flaw does not provide direct code execution or compromise of the operating system, but it can redirect the user to unintended URLs or cause the browser to load content it was not supposed to allow.
Affected Systems
Versions of Google Chrome earlier than 150.0.7871.47 on any platform that includes the affected Network component are vulnerable. The flaw exists in all releases that deploy the Network stack prior to that patch, regardless of operating system or architecture.
Risk and Exploitability
Chromium rates the issue as a Medium severity vulnerability; no CVSS score is provided in the data. An EPSS score is not available, so the likelihood of exploitation in the wild has not been quantified. The flaw is not listed in the CISA KEV catalog. Exploitation requires the attacker to have first gained access to the renderer process, so the overall risk is constrained to scenarios where a sandbox escape or similar initial compromise has already occurred. If such a foothold is achieved, the attacker can redirect users to malicious sites or load unwanted content via the navigation‑bypass path.
OpenCVE Enrichment