Impact
An inappropriate implementation in the CustomTabs component of Google Chrome on Android allowed a remote attacker to bypass the same‑origin policy by loading a specially crafted HTML page. The vulnerability is limited to the CustomTabs feature and is classified as low severity by Chromium. If exploited, an attacker could access or modify resources that should be protected by web isolation policies, potentially leaking sensitive data or influencing page behavior.
Affected Systems
Google Chrome on Android versions prior to 150.0.7871.47. The issue is contained to the CustomTabs context and does not affect other browser components.
Risk and Exploitability
The vulnerability can be triggered remotely by delivering the crafted page to a device running the affected Chrome version. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, indicating low exploitation likelihood. The lack of a high CVSS score and the absence of known public exploitation further suggest that the risk level is modest, but a same‑origin policy breach could still have serious privacy or integrity impacts if an attacker crafts malicious content.