Impact
The flaw is insufficient policy enforcement in the PageInfo component of Google Chrome. A remote attacker can use a crafted HTML page to trick users into interacting with a user interface that appears legitimate but is actually deceptive. As a result, an attacker could lure a user into performing unintended actions or divulging information under false pretenses, exposing the user to phishing or related attacks. The official Chromium severity is Medium, indicating that while the flaw is non-destructive, it has real potential to mislead users and facilitate social engineering.
Affected Systems
All installations of Google Chrome earlier than version 150.0.7871.47, on any supported operating system, were susceptible to this UI spoofing flaw. The remediation is a version upgrade; the latest Chrome stable channel releases include the fix.
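An added example, not part of the advisory or of any Chrome or OpenCVE tooling: one way to triage a version inventory against the fixed build 150.0.7871.47, assuming each host reports a string that contains the four-part Chrome version. Hostnames and sample versions are constructed; the comparison is numeric per component, because a plain string comparison misorders builds such as 150.0.7871.9.

```python
import re

# Fixed version stated in the advisory; builds earlier than this are affected.
FIXED = (150, 0, 7871, 47)

# Matches a four-part Chrome version anywhere in a string,
# e.g. in the output of `google-chrome --version`.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the Chrome version found in text as a 4-tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'affected', 'fixed', or 'unknown' for one reported version."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # never count an unparseable entry as patched
    # Tuple comparison is numeric per component: 7871.9 sorts before 7871.47.
    return "affected" if version < FIXED else "fixed"


def triage(inventory):
    """Map each host to its status; inventory is {host: reported string}."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "wks-01": "Google Chrome 150.0.7871.47",
    "wks-02": "Google Chrome 150.0.7871.9",
    "wks-03": "Google Chrome 149.0.7800.120 beta",
    "wks-04": "151.0.7900.1",
    "wks-05": "chrome not installed",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check rather than being assumed patched.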
Risk and Exploitability
No EPSS score is available for this vulnerability, and it is not listed in CISA's KEV catalog, suggesting that it has not yet been widely exploited. Despite the lack of exploitation data, the vulnerability can be leveraged by an attacker who can host or embed a malicious page that a user visits, which highlights the importance of applying the vendor's patch. The only known mitigation is to update, and no publicly documented workaround exists at this time.