Impact
An inappropriate implementation in the Media UI of Google Chrome on ChromeOS allows a remote attacker who has convinced a user to perform specific UI gestures to spoof UI elements through a crafted HTML page. An attacker can use the flaw to trick users into interacting with counterfeit or malicious UI components, facilitating phishing or social-engineering attacks. It does not grant code execution or privilege escalation, but it undermines interface integrity.
Affected Systems
Chrome on ChromeOS prior to version 150.0.7871.47 is affected. Updating to that version or later removes the flaw; no other platforms are listed as impacted.
Risk and Exploitability
Chromium classifies the issue as Medium severity; no CVSS score is published, EPSS data is unavailable, and the flaw is not in CISA’s KEV catalog. Exploitation requires a remote attacker to host a crafted HTML page and persuade a user to perform specific gestures, so user interaction is a prerequisite. Because of this user-interaction requirement, the overall risk is low to moderate, though the flaw can be leveraged for targeted social-engineering attacks.
OpenCVE Enrichment