Impact
An integer overflow in the WebNN API of Google Chrome can be triggered by loading a maliciously crafted HTML page. The overflow allows the browser to read arbitrary data from its process memory, potentially exposing sensitive information such as credentials, tokens, or other secrets. The flaw is categorized as CWE-472 and carries a CVSS score of 6.5, indicating a moderate‑severity risk in the Chromium security model.
Affected Systems
Google Chrome versions prior to 150.0.7871.47 are impacted. No other vendors or products are listed.
Risk and Exploitability
The vulnerability is not listed in the CISA KEV catalog and its EPSS score is not available, so exploitation likelihood is not quantified. The attack requires a remote user to open a malicious page in Chrome; no privileged escalation is needed. Because it leaks memory contents, an attacker could harvest sensitive data from the browser process.
OpenCVE Enrichment