Impact
The flaw resides in Chrome’s PageInfo interface, where the security UI is rendered incorrectly in versions prior to 150.0.7871.47. A remotely hosted web page, combined with a crafted set of user interface gestures, can cause the browser to display misleading security information. An attacker who convinces a user to engage in the required gestures could make the user believe a compromised or untrusted connection is secure, potentially leading to credential theft or other phishing-style attacks. The vulnerability does not expose code execution or privilege escalation, and its Chrome severity rating is medium.
Affected Systems
All users of Google Chrome versions older than 150.0.7871.47 are affected; no other vendors or products are listed. The issue is limited to the Chrome stable channel on desktop platforms.
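To check an inventory against the scope stated above, the following added example (not part of the advisory or of any vendor tooling) sorts hosts by whether their Chrome build is below 150.0.7871.47. The CSV column names, platform labels, host names and sample versions are constructed assumptions; the comparison is numeric per component because a plain string comparison would rank 99.x above 150.x.

```python
# Added example: triage a software inventory against the fixed Chrome build.
import csv
import io

FIXED = (150, 0, 7871, 47)  # first unaffected version, taken from the advisory
DESKTOP = {"windows", "macos", "linux"}  # assumption: inventory's desktop labels

# Constructed sample inventory (hypothetical hosts, columns and versions).
SAMPLE = """host,platform,channel,version
ws-001,windows,stable,149.0.7827.115
ws-002,macos,stable,150.0.7871.47
ws-003,linux,stable,99.0.4844.84
ws-004,windows,beta,150.0.7871.20
ph-005,android,stable,149.0.7827.90
ws-006,windows,stable,150.0.7871
"""

def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Sort hosts into affected, fixed, out_of_scope or unparsed."""
    result = {"affected": [], "fixed": [], "out_of_scope": [], "unparsed": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["version"])
        if version is None:
            bucket = "unparsed"  # truncated or odd strings need manual review
        elif row["platform"] not in DESKTOP or row["channel"] != "stable":
            bucket = "out_of_scope"  # advisory lists desktop stable only
        elif version < FIXED:  # tuple comparison is numeric per component
            bucket = "affected"
        else:
            bucket = "fixed"
        result[bucket].append(row["host"])
    return result

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `unparsed` bucket are reported rather than silently treated as fixed, since a truncated version string says nothing about the patch level.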
Risk and Exploitability
No EPSS score is provided and the vulnerability is not listed in the CISA KEV catalog, indicating it has not yet been widely exploited. Exploitation requires the user to perform specific UI gestures after being tricked by a remote web page, so it is a selective threat that mostly targets individuals who interact with malicious sites. The medium severity rating reflects the potential for serious social‑engineering damage, but the absence of known public exploits reduces the current threat level to moderate pending a patch.
OpenCVE Enrichment