Impact
An out-of-bounds read flaw exists in the SurfaceCapture component of Google Chrome. By loading a specially crafted HTML page, a remote attacker can trigger the flaw and read memory beyond the intended bounds, potentially exposing sensitive data. The weakness is identified as a classic out-of-bounds read and is captured by CWE-125.
Affected Systems
The vulnerability affects Google Chrome versions earlier than 150.0.7871.47. Users running any pre‑150.0.7871.47 release are susceptible unless mitigated by administrative policy or other controls.
Risk and Exploitability
Exploit requires a user to open a malicious web page in the vulnerable Chrome version, which is a widely available attack vector. The flaw is classified as medium severity by Chromium security. No EPSS score is reported, and the issue is not listed in the CISA KEV catalog, indicating no confirmed public exploitation yet. However, the potential for data leakage and the lack of a robust mitigation in the vulnerable releases suggest that the risk is non‑negligible and should be addressed promptly.
OpenCVE Enrichment