Impact
Inappropriate use of MediaCapture in Google Chrome permits a remote attacker, after gaining control of the renderer process, to deliver UI spoofing through a specially crafted HTML page. The flaw allows the attacker to mimic or alter interface elements presented to the user, potentially enabling social‑engineering attacks that could mislead the user into revealing confidential information or performing undesired actions. Because the attack vector requires earlier compromise of the renderer process, the impact is limited to situations where the renderer is already subverted, meaning the flaw alone does not provide direct remote code execution, but it does increase the attack surface for deceptive techniques.
Affected Systems
Google Chrome versions released before 150.0.7871.47 are affected. Systems running these older Chrome builds are vulnerable unless they are updated beyond the stated version threshold.
Risk and Exploitability
The CVSS score is not disclosed and the EPSS score is unavailable, but the Chromium security team rated the issue as medium severity. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires that the attacker already compromise the renderer process, which is nontrivial and typically occurs via another flaw or through social engineering. As a consequence, while the likelihood of discovery and exploitation is moderate, the potential for user deception and subsequent compromise remains notable for environments that expose untrusted web content.
OpenCVE Enrichment