Impact
The flaw is an improper implementation of the HTML parser in Chrome that allows a remote attacker to inject and execute arbitrary scripts or HTML through a specially crafted page. This flaw can enable cross‑site scripting (XSS) attacks, potentially leading to the execution of malicious code within the context of a user’s browser session. The vulnerability is classified as medium severity by Chromium’s internal scoring and is tied to CWE‑79.
Affected Systems
Affected browsers are Google Chrome versions prior to 150.0.7871.47. The issue applies to all operating systems that run this older Chrome build; the CNA list simply lists Google:Chrome. Users who have not yet upgraded remain vulnerable.
Risk and Exploitability
No CVSS score or EPSS estimate is published, but the medium severity rating and the fact that an attacker can trigger the flaw by presenting a crafted page suggest a moderate to high exploitation risk. The vulnerability is not currently listed in CISA’s KEV catalog, and no official workaround is available, so exposure can only be mitigated by applying the product update. Attackers can deliver the exploit via any web page, email attachment, or malicious link that a user visits.
OpenCVE Enrichment