Impact
The vulnerability resides in the password prompt implementation of Google Chrome. A crafted HTML page can trigger a malicious login interface that mimics the browser’s native dialog, deceiving users into entering credentials into a spoofed prompt. While the CVE description does not explicitly claim credential theft, the UI spoofing mechanism could enable a social‑engineering attacker to harvest user input if the user believes the prompt is legitimate.
Affected Systems
All Google Chrome versions prior to 150.0.7871.47 are affected on all platforms. Users running a stable-channel build older than this, regardless of operating system, must upgrade to a fixed release.
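One way to check an inventory against the fixed build named above. This is an added example, not code from the advisory or from Chromium. The host names, the sample version reports, and the helper names (`parse_version`, `classify`, `audit`) are assumptions made for illustration.

```python
import re

FIXED_BUILD = (150, 0, 7871, 47)  # first fixed release, from the advisory text

# Matches the four-part version in strings such as "Google Chrome 149.0.7000.10"
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part Chrome version found in `text` as ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one reported version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unparseable report: needs manual follow-up
    # Integer tuples compare component by component, so 99.x < 150.x.
    # Comparing raw strings would rank "99.0.4844.51" above "150.0.7871.47".
    return "vulnerable" if v < FIXED_BUILD else "fixed"


def audit(inventory):
    """Map each host in a {host: version_text} inventory to its status."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version reports).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 150.0.7871.47",
    "ws-02": "Google Chrome 150.0.7871.46",
    "ws-03": "Google Chrome 99.0.4844.51",
    "ws-04": "Google Chrome 151.0.7900.2",
    "ws-05": "version lookup failed",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be treated as unpatched until their version is confirmed.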
Risk and Exploitability
This flaw is a Medium‑severity vulnerability per Chromium’s internal rating. The attack requires a social‑engineering vector; the attacker must deliver a malicious web page containing the crafted HTML to the victim. The EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog, so the precise exploitation likelihood remains unknown. Nonetheless, until the browser is updated, the flaw remains a usable phishing vector.
OpenCVE Enrichment