Impact
The vulnerability arises from an inappropriate implementation in the Glic component of Google Chrome that allows a remote attacker to cause UI spoofing when a user performs certain UI gestures in response to a crafted HTML page. This can trick users into interacting with a malicious interface that appears legitimate, potentially leading to credential compromise or other unwanted actions. The weakness is classified as UI Redressing: it manipulates what the user sees and interacts with, without requiring code execution or exploitation of the operating system.
Affected Systems
All installations of Google Chrome with a version earlier than 150.0.7871.47 are affected. The issue was identified in the stable channel in releases before the listed version; releases from that version onward contain the fix.
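A practical way to act on the version boundary above is to compare the installed build number against the fixed release numerically rather than as a string, since a lexical comparison would misorder "100" and "47". The following is an added example (not from the advisory or from the Chrome project): the fixed version 150.0.7871.47 is taken from the page, the output format "Google Chrome X.Y.Z.W" is assumed to match what `google-chrome --version` prints, and the host names and version strings in the sample inventory are constructed for illustration.

```python
"""Triage Chrome installs against the fixed version named in the advisory.

Added example for this advisory; not code from the advisory or from Chrome.
"""
from __future__ import annotations

import re

# Fixed version stated on the page: builds earlier than this are affected.
FIXED_VERSION = "150.0.7871.47"

_VERSION_RE = re.compile(r"\d+(?:\.\d+)*")


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted Chrome version such as '150.0.7871.47' into a tuple of ints.

    Raises ValueError for anything that is not purely dotted digits, so a
    garbled inventory line is reported rather than silently treated as safe.
    """
    version = version.strip()
    if not _VERSION_RE.fullmatch(version):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `installed` is strictly earlier than `fixed`.

    Components are compared numerically, and a shorter version is padded with
    zeros so that '150.0' is treated as '150.0.0.0'.
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def extract_version(version_output: str) -> str | None:
    """Pull the version out of a line like 'Google Chrome 150.0.7871.47'.

    Assumption: the text is what `google-chrome --version` prints. Returns
    None when no dotted version is present.
    """
    match = _VERSION_RE.search(version_output)
    return match.group(0) if match else None


def triage(inventory: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Classify (host, version_output) pairs into affected / fixed / unknown."""
    result: dict[str, list[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, output in inventory:
        version = extract_version(output)
        if version is None:
            result["unknown"].append(host)
        elif is_affected(version):
            result["affected"].append(host)
        else:
            result["fixed"].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome 150.0.7871.46"),   # one build short of the fix
    ("ws-02", "Google Chrome 150.0.7871.47"),   # exactly the fixed release
    ("ws-03", "Google Chrome 149.0.8000.100"),  # older major, higher later parts
    ("ws-04", "Google Chrome 150.0.7871.100"),  # newer build: lexical compare would get this wrong
    ("ws-05", "command not found"),             # no version available
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feeding the constructed inventory through `triage` puts ws-01 and ws-03 in the affected bucket, ws-02 and ws-04 in the fixed bucket, and ws-05 in unknown; the ws-04 case is the one a naive string comparison would misreport as affected.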
Risk and Exploitability
The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, so there is no evidence of exploitation in the wild so far. Because exploitation requires the victim to deliberately perform a UI gesture after visiting a crafted page, an attacker would need to persuade the user to click or interact in a suspicious context. The attack vector is web-based, with no need for local code execution. Although the CVSS severity is rated Low, the social-engineering potential makes updating to a fixed version advisable.
OpenCVE Enrichment