Impact
An integer overflow in Chrome’s Safe Browsing component on macOS allows a remote attacker to bypass navigation restrictions by crafting a malicious file. The flaw can be exploited when the victim opens the file, causing the browser to treat it as a safe or allowed resource and navigate to a target URL or content that would normally be blocked.
Affected Systems
Google Chrome on macOS is affected in versions prior to 150.0.7871.47. The issue is specific to the Safe Browsing subsystem that governs navigation restrictions. Users of older Chrome builds on Mac devices therefore remain vulnerable until they update to a build that fixes the overflow.
Risk and Exploitability
The CVE does not yet have an EPSS score and is not listed in the CISA KEV catalog, suggesting no known exploitation in the wild at this time. Chromium rates the severity of the flaw as Medium, indicating the potential for notable impact if a malicious file is delivered to an end user. The likely attack vector is a remote attacker delivering a crafted file to a target user, possibly via email, a compromised website, or other file-sharing channels. Without an explicit CVSS score, the exact technical risk remains uncertain, but an integer overflow that leads to a bypass of navigation restrictions is a significant way for attackers to violate the browser's safety model.