Impact
The vulnerability arises from an inappropriate implementation in Chrome’s sharing feature on Android. A crafted HTML page can exploit a renderer process that has already been compromised, allowing the attacker to read data that belongs to a different origin. This results in the leakage of confidential information across web site boundaries without granting the attacker arbitrary code execution. The weakness aligns with Information Exposure (CWE‑200).
Affected Systems
Google Chrome for Android, versions prior to 150.0.7871.47.
Risk and Exploitability
The CVSS score is not listed but the description rates Chromium security severity as Medium. EPSS is unavailable, and the vulnerability is not in the CISA KEV catalog. Exploitation requires control over the renderer process. Because the renderer can be compromised by malicious web content, the potential for cross‑origin data leaks exists as long as users visit untrusted pages. The risk is moderate to high for environments where sensitive data is displayed through Chrome’s sharing feature.
OpenCVE Enrichment