Impact
The vulnerability is an out‑of‑bounds read in the ANGLE graphics component of Google Chrome. A remote attacker who has already compromised the renderer process can craft a malicious HTML page to trigger the read, exposing sensitive information from the browser’s process memory. The flaw does not provide arbitrary code execution, but it can lead to confidential data disclosure within the renderer’s memory space.
Affected Systems
Google Chrome on macOS is affected in versions prior to 150.0.7871.47. Any machine that has a vulnerable Chrome installation will be exposed.
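A check for the version boundary stated above, as an added example that is not part of the original advisory: it compares dotted versions numerically against 150.0.7871.47 and, on a Mac, reads the installed version from the app bundle. The default install path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: compare a Chrome version with the boundary named on this page.
FIXED_VERSION="150.0.7871.47"
# Assumption: Chrome is installed at the default macOS location.
CHROME_APP="/Applications/Google Chrome.app"

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Components are compared numerically left to right; missing ones count as 0,
# so 150.0.7871.5 sorts below 150.0.7871.47 (a string compare would not).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# chrome_status VERSION: print affected, ok, or unknown (malformed input).
chrome_status() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then echo affected; else echo ok; fi
}

# installed_chrome_version: read the version from the bundle's Info.plist (macOS only).
installed_chrome_version() {
    /usr/bin/defaults read "$CHROME_APP/Contents/Info" CFBundleShortVersionString
}

# Report on this machine only when the bundle is present.
if [ -d "$CHROME_APP" ]; then
    v=$(installed_chrome_version) && echo "Chrome $v: $(chrome_status "$v")"
fi
```

Chrome swaps in a downloaded update only on relaunch, so a browser that has been left running can still be executing an older build than the one the bundle reports.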
Risk and Exploitability
Chromium rates the CVE as medium severity, and it is not listed in CISA’s KEV catalog. No EPSS score is available, so there is no exploitation-probability data for it. Exploitation requires that the attacker has already compromised the renderer process, limiting the attack surface to browsers that have been manipulated or that are running untrusted content. If exploited, the impact remains within the Chrome process and affects only the confidentiality of data accessible to that renderer.