Impact
A WebView policy enforcement flaw in Google Chrome on Android allows a remote attacker to bypass navigation restrictions by delivering a crafted HTML page. The vulnerability stems from inadequate access control and lets a malicious page redirect or load content that the user should be prevented from reaching. This flaw can compromise confidentiality and integrity by allowing unintended navigation or data exfiltration, but it does not provide arbitrary code execution.
Affected Systems
Google Chrome for Android versions earlier than 150.0.7871.47 are affected. The flaw exists in the WebView component, which is used by many Android applications to display web content.
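A version triage against the fixed build named above, as an added example that is not part of the original advisory. It assumes device data is collected as `dumpsys package` text for the `com.android.chrome` package and that the version appears on a `versionName=` line; the device ids and sample output are constructed.

```python
import re

# First fixed Chrome for Android build, taken from the advisory text.
FIXED = (150, 0, 7871, 47)

def parse_version(text):
    """Return (major, minor, build, patch) as ints, or None if malformed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version_name):
    """True below the fixed build, False at or above it, None if unparseable."""
    v = parse_version(version_name)
    return None if v is None else v < FIXED

def version_from_dumpsys(output):
    """Pull the first versionName= value out of `dumpsys package` text."""
    m = re.search(r"^\s*versionName=(\S+)", output, re.MULTILINE)
    return m.group(1) if m else None

def triage(reports):
    """Map each device id to 'affected', 'fixed' or 'unknown'."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    out = {}
    for device, text in reports.items():
        name = version_from_dumpsys(text)
        out[device] = labels[is_affected(name) if name else None]
    return out

# Constructed sample output, one entry per (hypothetical) device id.
SAMPLE = {
    "device-a": "Package [com.android.chrome]\n    versionName=149.0.7800.12\n",
    "device-b": "Package [com.android.chrome]\n    versionName=150.0.7871.47\n",
    # Numeric compare matters: as strings, "99..." sorts after "150...".
    "device-c": "Package [com.android.chrome]\n    versionName=99.0.4844.88\n",
    "device-d": "Unable to find package: com.android.chrome\n",
}

if __name__ == "__main__":
    for device, verdict in triage(SAMPLE).items():
        print(device, verdict)
```

Devices reported as `unknown` need manual follow-up rather than being counted as fixed.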
Risk and Exploitability
The issue is rated medium severity by Chromium. The exploit requires the attacker to serve a malicious HTML page to a user’s device, typically via an app or a compromised website that renders content in WebView. Because the EPSS score is unavailable and the vulnerability is not listed in KEV, the likelihood of widespread automated exploitation is uncertain, yet users should treat it as a medium‑risk threat until mitigated.
OpenCVE Enrichment