Impact
The vulnerability arises from an improper separation of input contexts in Chrome’s Android renderer, allowing data from a different origin to be accessed once the renderer is compromised. This flaw does not grant code execution or privilege escalation but exposes sensitive information from unrelated web pages, thereby violating confidentiality. The exploit relies on a pre‑existing compromise of the renderer process; without that foothold, the attacker cannot reach the vulnerability.
Affected Systems
Google Chrome for Android prior to version 150.0.7871.47 is affected. Users running these builds are susceptible to cross‑origin data leakage if an attacker has already compromised the renderer process.
Risk and Exploitability
Chromium labels the issue as low severity and does not publish a CVSS score. EPSS is not available, and the vulnerability is not in CISA’s KEV list. The need for a compromised renderer constrains the attack surface; no public exploit is known. Updating to the patched release removes the flaw, mitigating risk.
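To confirm whether a device is on a patched build, the check below is an added example, not part of the original advisory. It assumes the text comes from `adb shell dumpsys package com.android.chrome`, that the active package appears under "Packages:" with any preinstalled copy under "Hidden system packages:", and the sample output is constructed.

```python
import re

FIXED = (150, 0, 7871, 47)  # first patched build, taken from the advisory

# Constructed sample of `adb shell dumpsys package com.android.chrome` output.
# Assumption: the active package is listed under "Packages:" and a preinstalled
# copy, if present, under "Hidden system packages:".
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.android.chrome] (a1b2c3):
    versionCode=715004733 minSdk=29 targetSdk=35
    versionName=150.0.7871.12
Hidden system packages:
  Package [com.android.chrome] (d4e5f6):
    versionName=131.0.6778.200
"""


def parse_version(text):
    """Turn 'A.B.C.D' into a tuple of ints; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in m.groups())


def active_version(dumpsys_text):
    """Return the active package's version, ignoring the hidden system copy."""
    active = dumpsys_text.split("Hidden system packages:", 1)[0]
    m = re.search(r"^\s*versionName=(\S+)", active, re.MULTILINE)
    if not m:
        raise ValueError("no versionName found in the active package section")
    return parse_version(m.group(1))


def is_affected(dumpsys_text):
    """True when the active build is older than the patched release.

    Components are compared as integers, so 7871.100 sorts after 7871.47,
    which a plain string comparison would get wrong.
    """
    return active_version(dumpsys_text) < FIXED


if __name__ == "__main__":
    version = ".".join(map(str, active_version(SAMPLE_DUMPSYS)))
    print(version, "affected" if is_affected(SAMPLE_DUMPSYS) else "patched")
```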