Impact
Google Chrome’s rendering engine Dawn suffered an inappropriate implementation that allows a remote attacker to extract sensitive data from a browser process’s memory. The flaw can be triggered by a carefully crafted HTML page that runs in the victim’s browser, giving the attacker read access to memory that may contain personally identifying or privileged information. This leads to the disclosure of confidential data without impacting the integrity or availability of the system.
Affected Systems
Versions of Google Chrome prior to 150.0.7871.47 are vulnerable. Any user or system running Chrome from the stable channel before this patch is potentially affected; newer releases contain the fix.
Risk and Exploitability
The assigned severity is low, and the vulnerability is not listed in the CISA KEV catalog. No EPSS score is available, suggesting limited or unverified public exploitation risk. The attack requires delivering a malicious HTML page to the victim’s browser, indicating a remote web-based attack vector. Overall, the risk is limited to information exposure, and immediate patching is recommended to mitigate potential data leakage.
OpenCVE Enrichment