Impact
This issue originates from inadequate policy enforcement within the Serial API of Google Chrome. The flaw allows a remote attacker, by loading a maliciously crafted HTML page, to execute code within the privileged browser process, effectively enabling privilege escalation. It aligns with CWE‑284: Improper Access Control.
Affected Systems
Any installation of Google Chrome with a version older than 150.0.7871.47 is affected. The vulnerability applies across all desktop operating systems that run these versions, regardless of the user's level of access.
Risk and Exploitability
The vulnerability carries a low severity rating according to Chromium’s assessment, yet the resulting privilege escalation offers attackers the potential to compromise the entire host machine. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, indicating exploit prevalence may be limited. The attack vector is a crafted HTML page, and based on the description, it is inferred that any user who opens such a page—whether from the internet or from a local file—could be impacted. Prompt remediation is advised to eliminate the risk of unauthorized elevation of privileges.