Chromium’s policy enforcement for History Navigation failed to guard against the injection of arbitrary scripts or HTML when a user performed specific UI gestures on a crafted web page. An attacker who successfully lures a user into such gestures could cause the browser to execute malicious code embedded in the page, leading to style or script collateral damage but not necessarily full system compromise. The vulnerability is considered a low‑severity UXSS, implying limited impact on confidentiality or integrity should the user remain within the same browser context.

The flaw affects Google Chrome versions prior to 147.0.7727.55. All operating systems running these earlier Chrome releases are susceptible; newer releases include the bug fix and are unaffected.

The CVSS score is low and no EPSS data is available, and the vulnerability is not listed in CISA’s KEV catalog, indicating a modest risk to the wider community. Successful exploitation requires user engagement and explicit UI gestures, which are typically achieved through a social‑engineering front. Because the attacker must convince a user to interact with a specially crafted page, the likelihood of widescale automatic exploitation is low, but targeted phishing attacks could still achieve the necessary conditions.