Impact
An inappropriate implementation in DevTools in Google Chrome prior to version 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. The flaw lets the extension alter the appearance of the browser's own user interface, so a user can be tricked into taking an action they would not knowingly take. Chromium rates the issue as low severity: it requires the user to install an extension first, and the outcome is UI deception rather than code execution or data access.
Affected Systems
Google Chrome for desktop platforms at versions earlier than 150.0.7871.47, for any user who installs a malicious extension. No additional vendor or product variants are listed.
Risk and Exploitability
The attack vector is user manipulation: the attacker must persuade a user to install a malicious extension, typically through social engineering. Once the extension is installed it already runs inside the browser, so exploitation requires neither network-level access nor elevated privileges. No public exploits are listed, no EPSS score is available yet, and the vulnerability is not in the CISA KEV catalog; these indicate that exploitation has not been observed or scored, not that it cannot occur. The practical concern is UI deception: a spoofed browser interface supports phishing and consent trickery against the affected user. Mitigation is to update to 150.0.7871.47 or later; as a compensating control, organizations can restrict which extensions users may install through Chrome's enterprise extension allowlist and blocklist policies.
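As an added example (not code from the advisory, Chromium, or OpenCVE), the following Python script shows how a fleet triage check for this issue would look: it compares installed Chrome versions against the fixed release numerically rather than as strings (a common mistake, since "99.0.4844.51" sorts after "150.0.7871.47" lexicographically), and on still-vulnerable hosts it flags installed extensions that declare a devtools_page, which is the manifest key a Chrome extension uses to extend DevTools. The inventory records, extension IDs and allowlist are constructed for illustration; the devtools_page heuristic narrows review to extensions that can reach the DevTools surface at all and is an assumption for triage, not a detector for the specific flaw.

```python
"""Fleet triage helper for the Chrome DevTools UI-spoofing issue.

Added example, not code from the advisory, Chromium, or OpenCVE. It assumes an
inventory of (host, chrome_version, installed extension manifests) gathered by
some other tool; all sample records below are constructed.
"""
from __future__ import annotations

FIXED_VERSION = "150.0.7871.47"  # first fixed release named in the advisory

# Constructed allowlist of extension IDs that have been reviewed already.
ALLOWLISTED_IDS = {"ext-corp-sso"}


def parse_version(v: str) -> tuple[int, ...]:
    """Chrome versions are four dot-separated integers (MAJOR.MINOR.BUILD.PATCH).

    Comparing them as strings is wrong ("99.0.4844.51" > "150.0.7871.47" as
    text), so parse to an integer tuple and let tuple ordering do the work.
    """
    parts = v.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {v!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable_version(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build predates the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def extension_hooks_devtools(manifest: dict) -> bool:
    """Triage assumption: an extension that extends DevTools declares a
    `devtools_page` in manifest.json. This is a heuristic to prioritise
    review, not a detector for the specific flaw."""
    return "devtools_page" in manifest


def triage(records: list[dict]) -> list[dict]:
    """Return one finding per host: whether Chrome needs updating and which
    non-allowlisted extensions touch DevTools and deserve a look."""
    findings = []
    for rec in records:
        vulnerable = is_vulnerable_version(rec["chrome_version"])
        review = [
            ext["manifest"].get("name", ext["id"])
            for ext in rec.get("extensions", [])
            if vulnerable
            and ext["id"] not in ALLOWLISTED_IDS
            and extension_hooks_devtools(ext["manifest"])
        ]
        findings.append({
            "host": rec["host"],
            "chrome_version": rec["chrome_version"],
            "needs_update": vulnerable,
            "review_extensions": review,
        })
    return findings


# Constructed sample inventory (not real hosts, IDs or extensions).
SAMPLE_INVENTORY = [
    {"host": "wks-01", "chrome_version": "99.0.4844.51",
     "extensions": [{"id": "ext-acme-dt",
                     "manifest": {"name": "Acme DevTools Helper",
                                  "devtools_page": "panel.html"}}]},
    {"host": "wks-02", "chrome_version": "150.0.7871.46",
     "extensions": [{"id": "ext-corp-sso",
                     "manifest": {"name": "Corp SSO", "devtools_page": "dt.html"}},
                    {"id": "ext-theme",
                     "manifest": {"name": "Random Theme"}}]},
    {"host": "wks-03", "chrome_version": "150.0.7871.47", "extensions": []},
    {"host": "wks-04", "chrome_version": "151.0.8000.10",
     "extensions": [{"id": "ext-acme-dt",
                     "manifest": {"name": "Acme DevTools Helper",
                                  "devtools_page": "panel.html"}}]},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```

Hosts at exactly 150.0.7871.47 or later are reported as not needing an update and get no extension review entries; on older builds, allowlisted extensions and extensions without a devtools_page are skipped so the review list stays short.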
OpenCVE Enrichment