Impact
This vulnerability stems from insufficient validation of untrusted input in the Custom Tabs component of Chrome for Android. A local attacker (in practice, a malicious app or file already present on the device) can supply a crafted file that causes the browser to render a spoofed user interface. Because the user believes they are looking at genuine browser UI, the spoofed content or actions can be used to capture trust that a later, separate attack depends on. The advisory rates the severity as Medium.
Affected Systems
Google Chrome for Android versions earlier than 150.0.7871.47 are vulnerable; 150.0.7871.47 and later contain the fix. The flaw lies in Custom Tabs, the Android feature that lets third-party apps open web content inside a Chrome-rendered tab rather than a WebView, so any app that launches Custom Tabs on an unpatched device is exposed.
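The check a practitioner actually needs here is whether the Chrome build installed on a device is older than the fixed build. The following Python is an added example, not code from the advisory or from the Chromium project: it parses the versionName line from `adb shell dumpsys package <pkg>` output and compares it numerically against the fixed version, since a plain string comparison would wrongly treat a patch level such as 100 as lower than 47. The package names listed for the Chrome channels and the dumpsys excerpts are assumptions constructed for illustration.

```python
import re

# Fixed version taken from the advisory text above.
FIXED_VERSION = "150.0.7871.47"

# Chrome channel package names on Android (assumed list for illustration).
CHROME_PACKAGES = (
    "com.android.chrome",  # stable
    "com.chrome.beta",
    "com.chrome.dev",
    "com.chrome.canary",
)

# Constructed sample output in the shape of `adb shell dumpsys package <pkg>`,
# trimmed to the lines this check cares about (not captured from a real device).
SAMPLE_DUMPSYS = {
    "com.android.chrome": (
        "Packages:\n"
        "  Package [com.android.chrome] (a1b2c3):\n"
        "    userId=10123\n"
        "    versionCode=787104600 minSdk=26 targetSdk=34\n"
        "    versionName=150.0.7871.46\n"
    ),
    "com.chrome.beta": (
        "Packages:\n"
        "  Package [com.chrome.beta] (d4e5f6):\n"
        "    versionName=150.0.7871.100\n"
    ),
    # Package not installed: dumpsys prints no versionName line.
    "com.chrome.dev": "Unable to find package: com.chrome.dev\n",
}

_VERSION_RE = re.compile(r"^\s*versionName=(\S+)", re.MULTILINE)


def parse_version(version):
    """Split a dotted Chrome version (major.minor.build.patch) into ints.

    Numeric tuples compare correctly component by component, which a raw
    string comparison does not ("100" < "47" lexically).
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Chrome version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed_version, fixed_version=FIXED_VERSION):
    """True when the installed build is strictly older than the fixed build."""
    return parse_version(installed_version) < parse_version(fixed_version)


def version_from_dumpsys(dumpsys_output):
    """Return the versionName from dumpsys output, or None if absent."""
    match = _VERSION_RE.search(dumpsys_output)
    return match.group(1) if match else None


def assess(dumpsys_by_package, fixed_version=FIXED_VERSION):
    """Classify each package as 'vulnerable', 'patched' or 'not installed'."""
    result = {}
    for pkg, output in dumpsys_by_package.items():
        version = version_from_dumpsys(output)
        if version is None:
            result[pkg] = "not installed"
        elif is_vulnerable(version, fixed_version):
            result[pkg] = "vulnerable"
        else:
            result[pkg] = "patched"
    return result


if __name__ == "__main__":
    for pkg, status in assess(SAMPLE_DUMPSYS).items():
        print(f"{pkg}: {status}")
```

On a real device, feed the function the output of `adb shell dumpsys package com.android.chrome` (and the other channel packages) instead of the constructed samples; only the versionName line is consulted, so the rest of the dumpsys text can be passed through unchanged.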
Risk and Exploitability
Exploitation requires a local foothold: the attacker must already be able to create or place a file on the device that is then opened through a Custom Tabs view, which in practice means a malicious or compromised app, or a file the user is induced to open. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog, so there is no public evidence of exploitation in the wild at the time of writing; absence from KEV is not proof that no exploitation has occurred. Chromium rates the issue Medium, and the local-access requirement keeps the overall risk moderate. Exposure is highest for users who sideload or run untrusted apps, since such an app is the most direct route to placing the malicious file. Updating Chrome for Android to 150.0.7871.47 or later removes the issue.
OpenCVE Enrichment