Impact
Google Chrome versions prior to 150.0.7871.47 contain insufficient data validation in the NetworkCache component, which is responsible for handling cached network responses. The flaw allows a remote attacker to construct a crafted HTML page that, when loaded by a user, can read or leak data that originated from a different website. The primary impact is a confidentiality breach; the vulnerability does not provide arbitrary code execution or broader system compromise.
Affected Systems
All Google Chrome desktop installations running a version older than 150.0.7871.47 are affected. The vulnerability exists specifically in the network cache handling of data fetched from other origins.
Risk and Exploitability
The EPSS score is not available and the vulnerability is not listed in CISA KEV, suggesting no known large-scale exploitation. The attack vector is inferred to be a malicious or compromised web page that serves the crafted HTML to a user. An attacker who can serve such a page can potentially steal cross-origin data through the vulnerable NetworkCache. Given the low Chromium severity and lack of exploitation evidence, the immediate risk to the general user base is low, yet the confidentiality impact warrants prompt remediation.
OpenCVE Enrichment