Impact
A remote attacker can exploit insufficient policy enforcement in Chrome’s Bluetooth implementation to read process memory through a crafted web page. The flaw allows access to potentially sensitive data, compromising confidentiality. The weakness is a classic information-exposure flaw.
Affected Systems
Google Chrome browsers with versions prior to 150.0.7871.47 are affected. Users of older Chrome releases who have not applied the latest update are at risk.
Risk and Exploitability
The vulnerability is ranked as low severity by Chromium, and there is no EPSS score available. It is not listed in the CISA KEV catalog. Exploitation requires the attacker to host a web page and convince the victim to visit it while Bluetooth is enabled. No public exploit or commercial tool has been reported, but the possibility of a memory disclosure exists for any user who visits a malicious page while Bluetooth is active.