Impact
An insufficient validation of untrusted input within the Network component of Google Chrome allows a remote attacker, once able to compromise the renderer process, to leak data across origin boundaries. The flaw is a classic input validation weakness (CWE‑20) that can expose sensitive information from web pages that the user is browsing to the attacker’s remote code execution environment. The vulnerability can be exploited to read cross‑origin data that a normal same‑origin policy would normally protect, potentially aiding further attacks such as credential theft or data exfiltration.
Affected Systems
The affected product is Google Chrome. Versions prior to 150.0.7871.47 are impacted; any build of Chrome with a revision lower than that release number is vulnerable. The issue is disclosed for the stable channel and affects desktop deployments of the browser.
Risk and Exploitability
The exploit requires that an attacker have already managed to compromise the renderer process, which is a privileged sandbox process in Chrome. While the CVSS score is not listed, Chromium rates the issue as medium severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting that there is currently no known widespread exploitation in the wild. Nonetheless, because the flaw causes unauthorized data disclosure across origins, it represents a significant confidentiality risk. Organizations should treat it as a priority if their users run locally installed Chrome builds or visit untrusted web content.
OpenCVE Enrichment