Impact
Insufficient XML policy enforcement in Google Chrome for Android allows a remote attacker to trigger a memory disclosure via a specially crafted HTML page. The flaw permits reading potentially sensitive information from the browser process’s memory. The vulnerability does not provide a path to execute arbitrary code or modify system state, so the primary impact is information disclosure.
Affected Systems
Google Chrome on Android versions earlier than 150.0.7871.47 are affected.
Risk and Exploitability
Because the flaw is triggered by a crafted HTML page, an Android user who visits a malicious site can exploit the vulnerability without authentication. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog. The reported medium severity rating indicates a moderate risk; an attacker could obtain private data but would not achieve code execution. No public exploits have been reported at this time.
OpenCVE Enrichment