Impact
A flaw in Google Chrome's DevTools allows a remote attacker who convinces a user to perform specific UI gestures on a crafted web page to leak cross-origin data. The vulnerability is an inappropriate implementation in DevTools that bypasses normal same-origin restrictions, enabling the attacker to read sensitive information that would otherwise be inaccessible. The primary consequence is the disclosure of confidential data, potentially compromising user privacy or exposing proprietary information.
Affected Systems
The issue affects all desktop installations of Google Chrome versions prior to 150.0.7871.47, regardless of operating system. Any user who runs an affected build and visits a maliciously crafted page while interacting with DevTools can be affected.
Risk and Exploitability
The Chromium project rates the severity as medium, and exploitation requires user interaction via a crafted HTML page. No EPSS data is available, and the vulnerability is not listed in CISA's KEV catalog, indicating it is not actively exploited at large scale. Nonetheless, the attack vector relies on social engineering to induce the required UI gestures, so the overall risk is moderate but non-negligible for users who frequently inspect web pages with DevTools.