Impact
Insufficient validation of untrusted input in Chrome’s WebShare feature permits a remote attacker who has already compromised the renderer process to craft an HTML page that can spoof user interface elements. The weakness allows the attacker to manipulate the appearance of the browser UI, potentially deceiving users into interacting with malicious content under the guise of legitimate UI actions. The vulnerability is flagged as a medium severity issue based on Chromium’s internal grading.
Affected Systems
The flaw affects Google Chrome for Android, specifically versions prior to 150.0.7871.47. The exact list of impacted builds is not explicitly enumerated, but any Chrome installation below the referenced build number is vulnerable. No specific vendor product sub‑versions are listed beyond the general Chrome product designation.
Risk and Exploitability
Exploitation requires the attacker to already have control over the renderer process, which narrows the available attack surface compared to a fully remote vulnerability. The EPSS score is not available, and the flaw is not listed in the CISA KEV catalog. Given the medium severity rating and the prerequisite of renderer compromise, the likely risk is moderate, with low to medium likelihood of widespread exploitation in the near term.
OpenCVE Enrichment