Impact
An attacker who has already compromised the renderer process in Google Chrome before version 150.0.7871.47 can craft an HTML page that displays a fake password prompt, misleading users into believing the prompt is legitimate browser UI. This flaw is classified under CWE-639 and CWE-800, allowing the malicious page to impersonate Chrome’s security UI and potentially lead to credential compromise or other deceptive attacks. The vulnerability is rated medium severity by Chromium security teams.
Affected Systems
Google Chrome versions earlier than 150.0.7871.47 are affected. Users running these builds on any operating system that Chrome supports are susceptible.
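The following added example (not part of the advisory) checks an inventory of installed Chrome version strings against the fixed build named above. Chrome versions are four numeric fields and must be compared field by field, so a plain string comparison would misjudge a build such as 150.0.7871.5; the host names and versions in the sample are constructed.

```python
# Added example, not from the advisory: decide whether a Chrome build is
# affected, i.e. strictly older than the first fixed release 150.0.7871.47.
# Chrome versions are MAJOR.MINOR.BUILD.PATCH, four integers, and must be
# compared numerically per field, never as strings.
from typing import Dict, Tuple

FIXED_VERSION = "150.0.7871.47"  # first fixed build, taken from the advisory


def parse_chrome_version(version: str) -> Tuple[int, int, int, int]:
    """Parse 'MAJOR.MINOR.BUILD.PATCH' into a tuple of four ints.

    Raises ValueError for anything that is not exactly four integer fields,
    so a malformed inventory entry is reported instead of being silently
    treated as 'fixed'.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    major, minor, build, patch = (int(p) for p in parts)
    return (major, minor, build, patch)


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the installed build is strictly older than the fixed build."""
    return parse_chrome_version(installed) < parse_chrome_version(fixed)


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'affected' | 'fixed' | 'unknown' for host -> version."""
    result: Dict[str, str] = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            result[host] = "unknown"  # unparsable entry needs manual review
    return result


if __name__ == "__main__":
    # Constructed sample inventory; the hosts and versions are not real.
    sample = {
        "ws-01": "149.0.7800.120",
        "ws-02": "150.0.7871.47",
        "ws-03": "150.0.7871.5",   # string comparison would wrongly say 'fixed'
        "ws-04": "150.0.7900.10",
        "ws-05": "n/a",
    }
    for host, state in triage_inventory(sample).items():
        print(f"{host}: {state}")
```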
Risk and Exploitability
The attack requires that the attacker already have control of the renderer process, which could be obtained through malicious content or a separate exploit. Although no EPSS score is available, the medium severity rating and the absence of a KEV listing suggest that widespread exploitation has not yet been observed. Still, the potential for users to be tricked into entering credentials warrants prompt remediation.
OpenCVE Enrichment