Impact
In Google Chrome prior to 150.0.7871.47 an inappropriate implementation of password handling allowed a remote attacker to leak cross‑origin data through a crafted HTML page. The flaw violates the browser’s same‑origin policy and permits confidential data from a user’s visited sites to be read by an attacker’s web page, compromising information confidentiality.
Affected Systems
Google Chrome desktop installations below version 150.0.7871.47 are affected. Any user running the browser before the patch is vulnerable.
Risk and Exploitability
Chromium rates the severity as medium and there is no current EPSS score, indicating limited observed exploitation. The likely attack vector is a malicious web page that the user visits, which can then read data from other origins. While the vulnerability does not provide arbitrary code execution, it enables cross‑origin data exfiltration.
OpenCVE Enrichment