Impact
The vulnerability arises from insufficient enforcement of the Passwords policy in Google Chrome versions prior to 150.0.7871.47. A remote attacker can create a crafted HTML page that, when loaded in the browser, bypasses the normal same‑origin restrictions and leaks password data stored locally. Based on the description, the attack vector is likely a malicious web page that the victim visits, and the impact is the exposure of protected credentials and other data that should be confined to the originating origin.
Affected Systems
The flaw affects the Google Chrome browser and applies to any release earlier than version 150.0.7871.47. All users running an outdated Chrome build are potentially vulnerable until they upgrade to the patched version.
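A fleet check for the affected range stated above, as an added example that is not part of the original advisory. It assumes a tab-separated inventory of hostname and `google-chrome --version` output; the inventory format, hostnames and sample versions are constructed. Version components are compared numerically, because a plain string comparison would rank 99.x above 150.x and report an old build as patched.

```python
import re

# Fixed version taken from the advisory text; anything lower is affected.
FIXED = (150, 0, 7871, 47)

# Four-part Chrome version, e.g. "149.0.7827.201".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(version_output):
    """Map raw version output to 'affected', 'patched' or 'unknown'."""
    version = parse_version(version_output)
    if version is None:
        return "unknown"  # no parsable version: needs manual follow-up
    return "affected" if version < FIXED else "patched"


def audit(inventory_lines):
    """Return {hostname: status} for 'hostname<TAB>version output' lines."""
    results = {}
    for line in inventory_lines:
        host, _, output = line.partition("\t")
        results[host.strip()] = classify(output)
    return results


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    "ws-001\tGoogle Chrome 149.0.7827.201",
    "ws-002\tGoogle Chrome 150.0.7871.47",
    "ws-003\tGoogle Chrome 150.0.7871.46",
    "ws-004\tGoogle Chrome 99.0.4844.84",
    "ws-005\tChromium 151.0.7900.3 snap",
    "ws-006\tbash: google-chrome: command not found",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```
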
Risk and Exploitability
Chromium rates the issue as low severity. No EPSS score is available, so the likelihood of exploitation remains unclear, but the lack of a KEV listing suggests no confirmed, widespread exploitation in the wild. The risk is confined primarily to browsers that have not applied the security update; upgrading mitigates the flaw. The cross-origin data leak could still be valuable to an actor who can entice users to visit a malicious site, and the attack requires no additional privileged context beyond a standard web page load.