Impact
The vulnerability arises from insufficient policy enforcement in Chrome’s StorageAccessAPI. An attacker who has already compromised the renderer process can supply a specially crafted HTML page that causes the browser to expose data from another origin. This allows the attacker to read cross-origin content that should be protected. The weakness corresponds to CWE-20 and can lead to data leakage and a privacy breach.
Affected Systems
Google Chrome versions older than 150.0.7871.47 are affected. The issue was fixed in the 150.0.7871.47 update, so any installation of Chrome with a version number less than that is susceptible.
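One way to check a fleet against the fixed version named above, as an added example that is not part of the original advisory. The host names and reported version strings are constructed sample data, and the helper names (`parse_version`, `classify`, `triage`) are hypothetical.

```python
import re

# Fixed version taken from the advisory text above.
FIXED = (150, 0, 7871, 47)

# Four dotted numeric fields, the form Chrome uses for its version number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the Chrome version in `text` as a 4-tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """Return 'affected', 'fixed' or 'unknown' for one reported version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # never treat an unparsable report as patched
    # Tuple comparison is numeric per field; comparing the raw strings would
    # rank "150.0.7871.100" below "150.0.7871.47" and "99.x" above "150.x".
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Group hosts by status. `inventory` maps host name -> reported version."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, reported in sorted(inventory.items()):
        result[classify(reported)].append(host)
    return result


# Constructed sample inventory (hosts and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "wks-01": "Google Chrome 150.0.7871.47",
    "wks-02": "Google Chrome 150.0.7871.46",
    "wks-03": "Google Chrome 150.0.7871.100",
    "wks-04": "Google Chrome 99.0.4844.84",
    "wks-05": "149.0.7800.12",
    "wks-06": "Google Chrome (version not reported)",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9s} {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need a manual check rather than being counted as patched.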
Risk and Exploitability
The CVE has a Chromium severity of medium, but no EPSS score is available, meaning the exploit probability has not been quantified. It is not listed in the CISA KEV catalogue. Exploitation requires a compromised renderer process, which is not trivial; the attacker also needs to supply a crafted HTML page. Given these conditions, the risk is moderate but could be high if the renderer is already compromised.
OpenCVE Enrichment