Impact
Google Chrome’s Network policy enforcement was insufficient in versions before 150.0.7871.47, permitting a remote attacker to bypass the browser’s content‑security policy. The vulnerability allows the attacker to craft a malicious HTML page that, when opened in Chrome, circumvents the security policy safeguards normally enforced by the browser. This can lead to the execution of injected scripts or other malicious content, potentially compromising user data or enabling further attacks within the victim’s browser context.
Affected Systems
The flaw is present in Google Chrome for desktop operating systems running versions prior to 150.0.7871.47. End‑users of any Chrome installation before this version are susceptible until an update is applied.
Risk and Exploitability
The vulnerability can be exploited remotely by a malicious web page that a user visits. No specific exploit code has been released, and the EPSS score is currently unavailable; the issue is not listed in the CISA KEV catalog. Nevertheless, the attack path is straightforward (a user loads a crafted page), and the lack of policy enforcement opens the door to arbitrary script execution. The CVSS score is low according to Chromium’s internal severity rating, but the potential impact on confidentiality, integrity, or availability warrants prompt remediation.