Impact
The vulnerability is a side‑channel leak in Chrome’s WebAudio component, allowing a malicious web page to read data from other origins. By crafting audio processing operations, the attacker can retrieve confidential information even though same‑origin restrictions normally block such access. The weakness aligns with CWE‑1300 and CWE‑203.
Affected Systems
Affected software is Google Chrome for desktop, with the issue present in all builds older than version 150.0.7871.47. No other vendors or product families are listed; the scope is limited to browsers built from the Chromium source tree.
Risk and Exploitability
Chromium classifies the issue as low severity, but the CVSS score is 6.5, indicating medium‑level risk. The EPSS score is < 1% and the vulnerability is not listed in CISA’s KEV catalog. To exploit the flaw an attacker must convince a user to load a crafted page in a vulnerable Chrome browser; the attack does not grant code execution or denial of service, but can expose private data across origin boundaries.
OpenCVE Enrichment