Impact
Google Chrome for Android contains an inappropriate implementation in its passwords feature that allows a remote attacker to read potentially sensitive information from process memory. A crafted HTML page can trigger this flaw, enabling the protected. The weakness directly leads to exposure of confidential information; no denial of service or code execution is described.
Affected Systems
Chrome running on Android devices prior to version 150.0.7871.47 is affected. This includes all builds of the stable channel before that release.
Risk and Exploitability
The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, requiring the victim to open a malicious HTML page; thus it is not a network‑level exploit but still poses a significant privacy risk. The Chromium security severity is Medium, indicating a moderate but real threat level.
OpenCVE Enrichment