Impact
An improper implementation in SplitView on Linux allowed a crafted HTML page, through specific UI gestures, to make the Omnibox (URL bar) display spoofed contents. This UI spoofing could lead users to believe they were viewing a different webpage than the one actually loaded. The flaw is a user interface manipulation weakness.
Affected Systems
Google Chrome browsers on Linux systems with versions earlier than 150.0.7871.47 are affected. More recent releases contain a fixed implementation that prevents the malicious UI manipulation.
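A version check for the affected range above, as an added example that is not part of the advisory or of Chrome's own tooling. It assumes the `Google Chrome <version>` line format printed by `google-chrome --version`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Chrome build against the fixed version in the advisory.
FIXED="150.0.7871.47"   # first fixed build, taken from the advisory text

# Pull the dotted four-part version out of a line like "Google Chrome 149.0.7800.120".
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeed (return 0) only if version $1 is numerically lower than version $2.
# Fields are compared as integers: a string comparison would rank
# 99.x above 150.x and 150.0.7871.9 above 150.0.7871.47.
version_lt() {
    a=$1
    b=$2
    for i in 1 2 3 4; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "lower"
}

# Print "affected", "fixed" or "unknown" for one line of --version output.
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED"; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed sample lines; on a real host pass "$(google-chrome --version)" instead.
for line in "Google Chrome 149.0.7800.120" \
            "Google Chrome 150.0.7871.9" \
            "Google Chrome 150.0.7871.47" \
            "Google Chrome 150.0.7871.100" \
            "no version in this line"; do
    printf '%-32s %s\n' "$line" "$(classify "$line")"
done
```

An `unknown` result means the version could not be parsed and the host should be checked by hand, not treated as fixed.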
Risk and Exploitability
The vulnerability is rated low in Chromium’s security severity framework. It requires the user to open a crafted HTML page and perform specific UI gestures, which limits autonomous exploitation. No EPSS score is available and the issue is not listed in CISA KEV, indicating a modest short‑term threat. Safe browsing protections and standard user awareness remain effective mitigations until a patch is applied.