Impact
Insufficient policy enforcement in the Payments component of Google Chrome on Android allows a crafted HTML page to read process memory and leak potentially sensitive information, including payment data. This vulnerability compromises confidentiality by enabling an attacker to extract data that should be protected and could lead to financial loss or identity theft.
Affected Systems
Google Chrome for Android versions prior to 150.0.7871.47 are affected. All users running these versions should consider upgrading, as the issue is tied to the Payments functionality within Chrome.
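A fleet check for the version boundary above, as an added example that is not part of the advisory. It assumes each device's version is collected with `adb shell dumpsys package com.android.chrome`; the device names and sample output are constructed.

```python
import re

# Fixed version from the advisory; all other names here are illustrative.
FIXED = (150, 0, 7871, 47)
_VERSION_RE = re.compile(r"^\s*versionName=(\d+(?:\.\d+){3})\s*$", re.M)

def installed_chrome_version(dumpsys_output):
    """Return the active Chrome version as an int tuple, or None if absent.

    Assumption: when a preinstalled Chrome has been updated, dumpsys also lists
    the factory copy under 'Hidden system packages:'. That block is cut off so
    the stale factory version is not mistaken for the one in use.
    """
    active = dumpsys_output.split("Hidden system packages:", 1)[0]
    match = _VERSION_RE.search(active)
    if match is None:
        return None
    # Compare numerically: as strings, "99..." and "150.0.7871.5" sort after the fix.
    return tuple(int(part) for part in match.group(1).split("."))

def classify(dumpsys_output):
    version = installed_chrome_version(dumpsys_output)
    if version is None:
        return "unknown"  # Chrome missing or output unparseable: check by hand
    return "affected" if version < FIXED else "fixed"

def audit(inventory):
    return {device: classify(output) for device, output in inventory.items()}

# Constructed sample output, keyed by hypothetical device names.
SAMPLES = {
    "phone-a": "Packages:\n  Package [com.android.chrome] (1a2b3c):\n"
               "    versionName=150.0.7871.5\n",
    "tablet-b": "Packages:\n  Package [com.android.chrome] (4d5e6f):\n"
                "    versionName=99.0.4844.88\n",
    "phone-c": "Packages:\n  Package [com.android.chrome] (7a8b9c):\n"
               "    versionName=150.0.7871.47\n"
               "Hidden system packages:\n  Package [com.android.chrome] (0d1e2f):\n"
               "    versionName=120.0.6099.43\n",
    "kiosk-d": "Unable to find package: com.android.chrome\n",
}

if __name__ == "__main__":
    for device, status in audit(SAMPLES).items():
        print(f"{device}: {status}")
```
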
Risk and Exploitability
Chromium security categorizes the vulnerability as medium severity. The attack vector is inferred to be a remote attacker loading a malicious HTML page while the browser is open. No exploit code or public exploit has been disclosed, and the vulnerability is not listed in the CISA KEV catalog. With no EPSS score available, the likelihood can be considered moderate; the risk stems primarily from the potential for information disclosure if an adversary can serve a crafted page to a victim device.
OpenCVE Enrichment