Impact
The vulnerability resides in the Paint implementation within Google Chrome prior to version 150.0.7871.47 and permits a remote attacker to create deceptive user interface elements through a specially crafted HTML page. This flaw is classified by Chromium security as medium severity, indicating that a successful exploit could mislead users into interacting with false UI elements, potentially leading to credential theft or other social engineering attacks.
Affected Systems
The issue affects all Chrome releases prior to 150.0.7871.47 across all platforms. Users who have not installed the latest stable update are exposed.
Risk and Exploitability
No EPSS score is available for this vulnerability, and it is not listed in the CISA KEV catalog. Chromium rates the severity as Medium, suggesting that exploitation is plausible, but there is no publicly documented exploit. An attack requires a malicious webpage to be loaded in Chrome, and the attacker relies on the spoofed UI to trick the user.