Impact
A flaw in Chrome's Speech API policy enforcement in versions before 150.0.7871.47 allows a remote attacker to craft an HTML page that bypasses the browser's same‑origin policy. This could enable unauthorized access to resources or information from other domains that the victim's browser normally protects, affecting the confidentiality of web content. The flaw is rated as low severity by Chromium security.
Affected Systems
The vulnerability exists in all Google Chrome desktop releases prior to 150.0.7871.47. End users running any earlier build of Chrome are potentially affected and will remain vulnerable until they update to the fixed release.
Risk and Exploitability
Because no CVSS or EPSS score is published, the exploitation probability cannot be quantified. The attack vector is remote and only requires that an attacker host a malicious HTML page; no authentication or elevated privileges are necessary. The vulnerability is not listed in CISA's KEV catalog, and no public exploit code is known at this time. The low severity rating indicates that immediate exploitation is unlikely, but the risk remains.