Impact
A flaw in WebGL handling within Google Chrome, prior to version 150.0.7871.115, permits an attacker to inject arbitrary scripts or HTML through a crafted webpage. This injection can execute malicious code in the context of the victim’s browser, compromising the confidentiality, integrity, and availability of data accessed by the page. The issue is classified by Chromium security as high severity, indicating that affected users face serious risks if the vulnerability is exploited.
Affected Systems
All users of Google Chrome whose browser version is earlier than 150.0.7871.115 are affected. The vulnerability is tied specifically to the Chrome product from Google.
Risk and Exploitability
The vulnerability can be triggered remotely by delivering a maliciously crafted HTML page to a user who opens it in the affected browser. Although no EPSS score is available and the vulnerability is not listed in CISA’s KEV catalog, its high severity rating and the ability to execute code suggest a significant risk if exploited. No additional conditions or credentials are required to exploit the flaw; any user browsing a malicious page could be impacted.
OpenCVE Enrichment