Impact
The vulnerability is a flaw in Chrome’s navigation handling that allows a remote attacker to bypass the browser’s site isolation. By delivering a specially crafted HTML page, an attacker can force Chrome to load contents that should be isolated into separate processes, potentially exposing confidential data or allowing malicious code to interact with other sites in the same process. The weakness is of medium severity in Chromium’s assessment.
Affected Systems
Google Chrome browsers earlier than version 150.0.7871.115 are affected. The vulnerability applies to all platform builds of Chrome prior to this release.
Risk and Exploitability
The exploit requires the victim to visit a malicious webpage that serves the crafted HTML. No publicly disclosed exploits are known, and the VP is the typical remote <= web page. Because EPSS data is not available and the issue is not listed in KEV, the perceived risk is moderate, but site isolation bypass can lead to significant data leakage. Users on older Chrome versions are advised to apply the forthcoming patch as soon as it becomes available.
OpenCVE Enrichment