Impact
The vulnerability is an input validation flaw in Google Chrome’s Network component. Untrusted input is processed without sufficient checks, allowing an attacker who has compromised the renderer process to read and send cross‑origin data via a crafted HTML page. Because the description does not mention code execution or privilege escalation, it is inferred that the flaw is limited to data leakage only.
Affected Systems
Google Chrome versions earlier than 150.0.7871.47 are affected. The issue was fixed in the stable‑channel update released in June 2026, so users who retain older releases are at risk of cross‑origin data leakage.
Risk and Exploitability
The CVE is classified as low‑severity by Chromium security reviewers. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog – this is inferred to indicate that no widespread, publicly available exploits are known. The required attacker capability is compromising the renderer process, which limits the likelihood of successful exploitation in typical environments. The potential confidentiality impact is inferred because the flaw could expose data that should remain private, posing a risk especially in enterprise contexts.
OpenCVE Enrichment