Impact
The vulnerability is an inappropriate implementation in the Views component of Google Chrome on ChromeOS that permits a maliciously crafted extension to read sensitive data from the browser’s process memory. When a user installs such an extension, the attacker can extract potentially confidential information, including credentials or personal data, that resides in memory. This results in an information exposure flaw identified by the vendor as low severity. The access is limited to the memory space of the user’s browser process and does not provide direct code execution.
Affected Systems
ChromeOS users with Google Chrome versions earlier than 150.0.7871.47 are affected. The issue concerns the Chrome browser running on ChromeOS only; no other operating systems are listed.
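A fleet check for the affected-version condition above, as an added example that is not part of the original advisory. It compares Chrome version strings numerically, component by component, because a plain string comparison misorders builds such as 150.0.7871.5 and 150.0.7871.47. The inventory tuples, hostnames and status labels are constructed for illustration.

```python
# Added example: flag ChromeOS devices running a Chrome build below the fixed version.
FIXED = (150, 0, 7871, 47)  # first unaffected version, taken from the advisory text


def parse_version(text):
    """Parse 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints, or return None."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(devices):
    """Map each hostname to affected / patched / not_applicable / unknown."""
    result = {}
    for host, platform, version in devices:
        # The advisory lists ChromeOS only; other platforms are out of scope.
        if platform.lower() != "chromeos":
            result[host] = "not_applicable"
            continue
        parsed = parse_version(version)
        if parsed is None:
            # Unparseable version: needs manual follow-up, never assume patched.
            result[host] = "unknown"
        elif parsed < FIXED:  # tuple comparison is numeric per component
            result[host] = "affected"
        else:
            result[host] = "patched"
    return result


# Constructed sample inventory: (hostname, platform, reported Chrome version)
INVENTORY = [
    ("cb-001", "ChromeOS", "150.0.7871.5"),   # string compare would rank ".5" above ".47"
    ("cb-002", "ChromeOS", "150.0.7871.47"),  # exactly the fixed build
    ("cb-003", "ChromeOS", "99.0.4844.84"),   # string compare would rank "99" above "150"
    ("cb-004", "ChromeOS", "151.0.7900.1"),
    ("ws-010", "Windows", "149.0.7800.10"),
    ("cb-005", "ChromeOS", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```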
Risk and Exploitability
Exploitation requires the user to willingly install a malicious extension, so it depends on social engineering. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting a lower likelihood of widespread exploitation. Nonetheless, because the flaw allows memory disclosure, it remains a serious privacy risk for users who install unverified extensions. The CVSS score is 5.9, indicating moderate severity, and confirms that direct exploitation is more constrained than for higher-risk vulnerabilities.
OpenCVE Enrichment