Impact
Google Chrome versions prior to 150.0.7871.47 contain insufficient policy enforcement in the Network component that enables a remote attacker to bypass navigation restrictions by serving a specially crafted HTML page. The flaw allows the attacker to redirect the browser to arbitrary URLs outside the intended navigation context, potentially exposing the user to phishing, malware, or other malicious content. The primary impact is an authorization bypass that removes the built‑in safeguards designed to control where the browser can navigate.
Affected Systems
The vulnerability affects Google Chrome on all platforms for which the Network stack is implemented, including Windows, macOS, Linux, Android, and iOS. The affected releases are all versions before 150.0.7871.47; any installation running a newer build is not impacted.
Risk and Exploitability
The CVE is rated as low severity in Chromium's internal assessment and no EPSS score is available, suggesting a relatively small likelihood of widespread exploitation at present. The vulnerability is not listed in CISA's KEV catalog. The attack vector is remote: an attacker only needs to host or serve the crafted HTML to a victim’s browser, which can be done via email, malicious websites, or compromised content. Exploitation requires no privileged privileges on the target system, but the impact can still be significant for the individual user.
OpenCVE Enrichment