Impact
An improper GPU handling routine in Chrome allows an attacker who has already compromised the renderer process to read sensitive data from that process’s memory via a specially crafted HTML page. The flaw effectively exposes confidential information that resides in memory, beyond the intended boundaries of the renderer sandbox, and can be exploited only when the attacker already has control over the renderer.
Affected Systems
All installations of Google Chrome older than version 150.0.7871.47 are affected. This includes the stable channel on Windows, macOS, Linux, and Chrome OS. No specific operating‑system restriction is documented in the advisory.
Risk and Exploitability
The CVE was rated as low severity by Chromium. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a local compromise of the renderer process; thus the overall risk is limited and the typical attacker would need to inject malicious content that already jumps and hijacks the renderer. The likelihood of a large‑scale public exploitation is consequently low.
OpenCVE Enrichment