Impact
The flaw is an insufficient validation of untrusted input within Blink in Google Chrome before version 150.0.7871.47. This weakness, identified as CWE‑20, permits a remote adversary to create a specially crafted web page that tricks the browser into treating cross‑origin content as if it were same‑origin. If exploited, the attacker could read or modify data belonging to other origins, enabling credential theft or other data‑exfiltration attacks.
Affected Systems
The vulnerability affects Google Chrome browsers running any version earlier than 150.0.7871.47. No other products or vendors are known to be impacted.
Risk and Exploitability
The problem is rated as a medium severity issue. The exploitation would require a victim to visit a maliciously constructed HTML page, which is a common technique for phishing or drive‑by attacks. EPSS data is not available, and the flaw is not listed in CISA’s KEV catalog, but the potential impact on confidentiality and integrity is significant because the same‑origin policy is a cornerstone of web security. The attacker may gain persistent access to session cookies or other sensitive information belonging to different origins.
OpenCVE Enrichment