Impact
The vulnerability is insufficient policy enforcement in the Media component of Google Chrome for Windows, which allows a crafted HTML page to bypass the browser’s site isolation feature. Because site isolation normally prevents one site’s processes from sharing resources with another, this weakness could enable cross‑site interactions that are normally restricted. Chromium has rated the flaw as low security severity.
Affected Systems
Any Windows installation running a Google Chrome version prior to 150.0.7871.47 is affected. The fix is included in Chrome releases starting with 150.0.7871.47. The CVE description does not mention other operating systems, so whether this vulnerability applies to them is uncertain.
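The version boundary above can be applied to an asset inventory. The following is an added example, not part of the advisory or of any Chrome or OpenCVE tooling; the inventory rows, hostnames and status labels are constructed for illustration. It compares versions numerically, field by field, because a plain string comparison would misorder builds such as 150.0.7871.9 and 150.0.7871.47.

```python
import re

FIXED = (150, 0, 7871, 47)  # first fixed Chrome release, taken from the advisory


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if the string is malformed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(os_name, chrome_version):
    """Map one inventory row to a triage status (labels are this example's own)."""
    version = parse_version(chrome_version)
    if version is None:
        return "unknown-version"   # cannot decide; needs a manual check
    if version >= FIXED:
        return "fixed"
    # Below the fixed build: the advisory only confirms Windows as affected.
    if os_name.strip().lower().startswith("windows"):
        return "affected"
    return "uncertain-os"          # other OSes are not covered by the CVE text


# Constructed sample inventory: (hostname, operating system, Chrome version).
INVENTORY = [
    ("ws-001", "Windows 11", "150.0.7871.47"),
    ("ws-002", "Windows 10", "150.0.7871.9"),
    ("ws-003", "Windows 11", "99.0.4844.84"),
    ("mac-01", "macOS 15", "149.0.7800.12"),
    ("ws-004", "Windows 11", "unknown"),
]


def triage(rows):
    """Return {hostname: status} for every inventory row."""
    return {host: classify(os_name, ver) for host, os_name, ver in rows}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}\t{status}")
```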
Risk and Exploitability
The flaw is triggered only when a user opens a specially constructed HTML page in the affected browser. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, so the likelihood of mass exploitation is unclear. Because site isolation is a fundamental isolation boundary, a successful bypass could allow an attacker to interact with data or resources from another site, thereby undermining the browser’s security posture. Timely remediation is therefore advisable.
OpenCVE Enrichment