Impact
The vulnerability stems from incorrect handling of dark mode rendering in Google Chrome versions before 150.0.7871.47. A remote attacker can craft an HTML page whose rendering imitates the browser's own user interface, tricking users into deceptive interactions. This is a classic UI spoofing weakness: it can defraud users into believing they are interacting with trusted browser UI rather than with page content, undermining the integrity of user actions.
Affected Systems
All users running the Chrome desktop browser at a version earlier than 150.0.7871.47 are affected, regardless of operating system or locale. Only the stable channel is mentioned in the references, but any installation that has not yet received the 150.0.7871.47 update should be treated as vulnerable.
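A practical way to act on the version boundary above is to compare installed versions numerically against the fixed release. The following is an added example (not part of the OpenCVE page or of Chromium's tooling); it assumes the four-component version string that `google-chrome --version` and the `chrome://version` page print, and the host inventory it runs over is constructed sample data. The point it makes beyond the prose is that a plain string comparison ranks "99.0.4844.51" above "150.0.7871.47", so inventories that compare version strings lexically will miss affected hosts.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed version named in the advisory (Chrome 150.0.7871.47).
FIXED_VERSION = "150.0.7871.47"

# Chrome versions are MAJOR.MINOR.BUILD.PATCH, all numeric.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version` ("Google Chrome 149.0.7339.80") or the
    chrome://version page. Returns None if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())  # type: ignore[return-value]


def is_affected(text: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if the version found in `text` is older than `fixed`, False if it
    is at or above the fix, None if no version could be parsed.

    The comparison is done on integer tuples, component by component. A
    string comparison would be wrong here: "99.0.4844.51" > "150.0.7871.47"
    as strings because "9" sorts after "1"."""
    installed = parse_chrome_version(text)
    if installed is None:
        return None
    return installed < parse_chrome_version(fixed)


# Constructed sample inventory (hypothetical hostnames and outputs), in the
# format `google-chrome --version` prints on Linux.
SAMPLE_HOSTS: Dict[str, str] = {
    "host-a": "Google Chrome 149.0.7339.80",   # older major/build: affected
    "host-b": "Google Chrome 150.0.7871.47",   # exactly the fix: patched
    "host-c": "Google Chrome 150.0.7871.52",   # newer patch level: patched
    "host-d": "Chromium 99.0.4844.51",         # old, but sorts "high" as text
    "host-e": "bash: google-chrome: command not found",  # no version
}


def triage(hosts: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Map each host to True (affected), False (patched) or None (unknown)."""
    return {name: is_affected(output) for name, output in hosts.items()}


if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "patched", None: "unknown"}
    for host, state in triage(SAMPLE_HOSTS).items():
        print(f"{host}: {labels[state]}")
```

Hosts reported as `unknown` deserve a manual look rather than being counted as patched; an inventory script that silently treats unparsable output as safe is the same class of mistake as the lexical comparison.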
Risk and Exploitability
The official Chromium severity is Low. No EPSS score is available, so the likelihood of exploitation cannot be quantified from that source. The vulnerability is not listed in the CISA KEV catalog and has no known exploits at the time of analysis. The attack vector is network-based: a malicious web page is served to the user, and successful exploitation requires the victim to load the crafted page in an unpatched Chrome. Given the Low severity rating and the absence of active exploitation, the overall risk is modest, provided users apply the update promptly and employ standard safe browsing practices.
OpenCVE Enrichment