Impact
The vulnerability allowed a remote attacker to bypass navigation restrictions via a crafted HTML page in Chrome prior to 150.0.7871.47. This bypass undermines the browser’s navigation policy, permitting the loaded page to navigate to URLs that would normally be blocked, potentially enabling phishing, credential theft, or delivery of malicious content. The weakness is insufficient policy enforcement, which can lead to unauthorized navigation and could be used as part of a broader attack chain.
Affected Systems
Google Chrome browsers prior to version 150.0.7871.47 are affected. Users running any older Chrome release on Windows, macOS, Linux, or Chrome OS may be vulnerable.
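As an added example (not part of the advisory), the following Python sketch triages a browser inventory against the fixed build 150.0.7871.47 named above. The host names and version strings are constructed sample data, and the input format assumes the usual "Google Chrome <version>" string reported by the browser's `--version` output.

```python
import re

# First fixed build, taken from the advisory text.
FIXED = (150, 0, 7871, 47)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version from free text; return None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(text):
    """Return 'affected', 'fixed' or 'unknown' for one inventory string."""
    version = parse_version(text)
    if version is None:
        # No parsable version: do not assume the host is patched.
        return "unknown"
    # Tuples of ints compare numerically field by field. Comparing the raw
    # strings would rank "150.0.7871.5" and "99.0.4844.84" above the fix.
    return "affected" if version < FIXED else "fixed"


def triage(inventory):
    """Map each host to its status."""
    return {host: classify(raw) for host, raw in inventory.items()}


# Constructed sample inventory (hypothetical hosts and values).
SAMPLE = {
    "ws-001": "Google Chrome 150.0.7871.47",
    "ws-002": "Google Chrome 150.0.7871.5",
    "ws-003": "Google Chrome 99.0.4844.84",
    "ws-004": "Google Chrome 151.0.7900.10",
    "ws-005": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` should be followed up manually rather than counted as patched.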
Risk and Exploitability
The CVSS score is not listed, but the official severity is Medium. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation. However, the attack vector is remote via a crafted HTML page, suggesting that a malicious webpage could be served to users, making exploitation plausible if users visit compromised sites. The risk is therefore moderate; organizations should patch promptly to eliminate the policy bypass.