Impact
Side‑channel information leakage in the ComputePressure module of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to leak data across origins through a specially crafted HTML page. The flaw can disclose sensitive information compromising confidentiality. The Chromium project rates this vulnerability as medium severity.
Affected Systems
Google Chrome browsers. Users running any older stable or beta channel build could be exposed to this leakage unless they upgrade to the patched version.
Risk and Exploitability
The exploit requires the victim to open a crafted web page in Chrome. While the EPSS score is currently unavailable and the vulnerability is not listed in the CISA KEV catalog, the medium severity rating and the potential for cross‑origin data leakage suggest that the risk is non‑negligible. Attackers would need only the victim’s browser session; there is no known requirement for elevated privileges or additional footholds. The vulnerability could be leveraged in a drive‑by‑download scenario, making it remotely exploitable.
OpenCVE Enrichment