Impact
The flaw is a use of uninitialized memory in a codec component, which can cause sensitive data to be read from process memory. A remote attacker can use a crafted HTML page to trigger the code path that reads the uninitialized memory, potentially leaking confidential data. The weakness is classified as CWE-457 and leads to information disclosure, affecting the confidentiality of the system.
Affected Systems
Google Chrome users on Windows with versions earlier than 150.0.7871.47 are affected. The vulnerability manifests when a user loads a malicious HTML page in Chrome. No other operating systems or browsers are listed as affected.
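To check an endpoint inventory against the affected range above, the following added example (not part of the advisory or of any vendor tooling) classifies hosts by operating system and Chrome version. The fixed version comes from the advisory; the record field names, host names and sample versions are constructed assumptions.

```python
import re

# Fixed version taken from the advisory; everything else here is constructed.
FIXED = (150, 0, 7871, 47)
_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome version."""
    text = (text or "").strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(record):
    """Classify one inventory record as affected, fixed, not-listed or unknown."""
    if (record.get("os") or "").strip().lower() != "windows":
        return "not-listed"          # the advisory lists only Chrome on Windows
    version = parse_version(record.get("chrome_version"))
    if version is None:
        return "unknown"             # unparsable: review by hand, do not assume fixed
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "150.0.7871.100" below "150.0.7871.47".
    return "affected" if version < FIXED else "fixed"


def triage(inventory):
    """Group host names by classification."""
    result = {"affected": [], "fixed": [], "not-listed": [], "unknown": []}
    for record in inventory:
        result[classify(record)].append(record["host"])
    return result


# Constructed sample inventory (hypothetical hosts and field names).
SAMPLE_INVENTORY = [
    {"host": "ws-01", "os": "Windows", "chrome_version": "150.0.7871.46"},
    {"host": "ws-02", "os": "Windows", "chrome_version": "150.0.7871.47"},
    {"host": "ws-03", "os": "Windows", "chrome_version": "150.0.7871.100"},
    {"host": "ws-04", "os": "Windows", "chrome_version": "149.0.7800.200"},
    {"host": "mac-01", "os": "macOS", "chrome_version": "149.0.7800.200"},
    {"host": "ws-05", "os": "Windows", "chrome_version": "unknown"},
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` have a version string the parser could not read and need a manual check.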
Risk and Exploitability
The vulnerability can be exploited remotely by delivering a crafted HTML page to a victim’s browser. Because the exploitation requires the user to open that page, the likelihood of widespread attacks is moderate. The EPSS score is not available, and the CVE is not listed in the CISA KEV catalog, so there is no publicly confirmed exploitation. The CVSS score is not provided, but the medium Chromium severity suggests a moderate impact.