This vulnerability allows a remote attacker to craft an HTML page that causes Google Chrome’s Blink rendering engine to display an incorrect security UI, effectively enabling UI spoofing. The flawed UI presentation can deceive users into believing they are interacting with a trusted site, thereby increasing the risk of credential theft or other social engineering attacks. The described weakness is rated Medium in severity by Chromium’s own assessment.

Google Chrome versions older than 147.0.7727.55 are affected, regardless of the underlying operating system. Chrome runs on the major desktop platforms indicated by the included CPEs—macOS, Windows, and Linux—so any user of those systems with an outdated Chrome installation is potentially vulnerable.

The CVSS score of 4.3 classifies this as a medium‑severity weakness, and the EPSS score below 1 % indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, corroborating its lower threat level. Exploitation requires the attacker to host a malicious page that the victim visits, so user interaction is a prerequisite. While the impact does not allow direct code execution or system compromise, it can facilitate phishing or credential compromise, motivating prompt mitigation.