Impact
The vulnerability is an out-of-bounds read in the Chromecast component of Google Chrome. A local attacker can craft malicious network traffic that triggers the read and exposes sensitive information from the browser’s process memory. The result is information disclosure; the flaw does not grant code execution or allow data to be modified.
Affected Systems
Google Chrome versions older than 150.0.7871.47 are affected. The issue is fixed in release 150.0.7871.47 and later.
Risk and Exploitability
No CVSS score is supplied, but the Chromium security severity is listed as Low. EPSS data is not available, indicating limited information on exploitation likelihood. The vulnerability is local and requires the attacker to have access to the user’s machine or to be able to influence network traffic that reaches the Chrome process. It is not listed in the CISA KEV catalog, so no known widespread exploitation is reported.