Impact
The vulnerability involves insufficient validation of untrusted input in the SanitizerAPI within Google Chrome. This flaw can allow a remote attacker to craft an HTML page that bypasses the browser's same-origin policy, enabling the attacker to read or modify data from web pages belonging to other origins. The inability of the browser to properly validate input could lead to unauthorized information disclosure and the execution of malicious scripts.
Affected Systems
Google Chrome versions older than 150.0.7871.47 on all supported platforms are affected. Any user running a vulnerable version may be exposed to the risk.
Risk and Exploitability
The CVSS score is not provided, but the browser’s security team rates the issue as medium severity. The EPSS score is not available, and the vulnerability is not yet listed in CISA’s KEV catalog. Because the flaw can be triggered by any webpage served by an attacker, the risk is moderate. Exploitation requires only that the victim visit a malicious page; no additional credentials or elevated permissions are needed.
OpenCVE Enrichment