Impact
A flaw in Chrome’s SplitView component allowed an attacker who had already compromised a renderer process to bypass navigation restrictions, enabling a crafted HTML page to direct the user to malicious sites or content. Chromium notes it as a medium‑severity issue. The vulnerability would let a malicious renderer redirect or force navigation that normally would be blocked, potentially leading to phishing or other user‑targeted attacks, but does not provide direct code execution or system compromise.
Affected Systems
All users running Google Chrome versions prior to 150.0.7871.47 on any operating system are affected, regardless of platform. The issue exists in the core rendering engine accessed by all installed Chrome instances that run the SplitView UI.
Risk and Exploitability
No EPSS score is currently available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to first compromise a renderer process, which typically means delivering malicious content or exploiting a separate vulnerability. Once renderer compromise is achieved, the attacker can use the SplitView bypass to redirect users or alter navigation, presenting an elevated phishing risk. The CVSS score is not provided, but the medium severity rating indicates significant risk if the renderer is already compromised. Applying the fix mitigates the bypass and removes this potential attack path.
OpenCVE Enrichment