Impact
Insufficient policy enforcement in the navigation handling component of Google Chrome allowed a malicious actor to craft an HTML page that, when loaded, bypasses the browser’s site isolation protection. This failure undermines the isolation boundaries that normally keep separate web origins from interacting, potentially enabling a user to access sensitive information or execute operations in a context that should be segregated. The underlying weakness reflects a lack of proper policy validation and enforcement, which can lead to confidentiality and integrity exposures in the browser environment.
Affected Systems
All installations of Google Chrome prior to version 150.0.7871.115 are affected. No additional vendor or product variants are listed.
Risk and Exploitability
The vulnerability carries a high severity rating within the Chromium security model and can be exploited remotely via a specially crafted HTML page served over the network. The attack does not require elevated privileges or local access; it relies solely on the victim’s browser rendering a malicious page. EPSS data is not available and the CVE is not listed in the CISA KEV catalog, indicating no publicly known exploit at the time of analysis. However, the potential impact remains significant due to the fundamental nature of site isolation in protecting multiple web contents from one another.
OpenCVE Enrichment