Content Settings policy enforcement bypass in Google Chrome prior to 149.0.7827.53 enables remote attackers to circumvent discretionary access control by delivering a crafted HTML page to a victim who must interact with it. Rooted in CWE-284 (Improper Access Control), the flaw affects Chrome's Content Settings subsystem - which governs site-level permissions such as cookies, notifications, and script access - yielding a limited integrity impact with no confidentiality or availability consequences. No public exploit has been identified and the vulnerability is absent from CISA KEV; the vendor itself rates this as Low severity, consistent with the CVSS 4.3 base score.
UI spoofing in Google Chrome's Permissions implementation prior to version 149.0.7827.53 allows a remote, unauthenticated attacker to deceive users through manipulated browser permission dialogs via a crafted HTML page. Exploitation requires user interaction - a victim must visit a malicious page - and the real-world impact is limited to low-integrity outcomes such as misleading users into granting or denying permissions under false pretenses. No public exploit code exists and this vulnerability has not been added to the CISA KEV catalog at time of analysis.
Cross-origin data leakage in Google Chrome's Permissions subsystem (prior to 149.0.7827.53) enables remote unauthenticated attackers to read data across origin boundaries via a crafted HTML page. The flaw, classified as a race condition (CWE-362) in the Permissions implementation, undermines the browser's Same-Origin Policy enforcement - a foundational web isolation mechanism. No public exploit identified at time of analysis; a vendor-released patch is available in version 149.0.7827.53, and Google has rated this Low severity in Chromium security terms.
Insufficient policy enforcement in Google Chrome for iOS (prior to 149.0.7827.53) allows remote unauthenticated attackers to bypass discretionary access controls via a crafted HTML page, resulting in limited integrity impact. User interaction is required, and exploitation probability is extremely low - EPSS sits at 0.02% (4th percentile). No public exploit identified at time of analysis, and Chromium's own security team rated this as 'Low' severity, consistent with the CVSS 4.3 score and SSVC's 'partial' technical impact assessment.
Same-origin policy bypass in Google Chrome on iOS prior to 149.0.7827.53 allows a remote, unauthenticated attacker to violate cross-origin isolation by delivering a crafted HTML page to a victim. The flaw stems from an inappropriate implementation (CWE-346) in the iOS-specific Chrome codebase, meaning the iOS browser incorrectly validates origin boundaries in a way the desktop build does not. No active exploitation is confirmed (no CISA KEV listing), EPSS is 0.02% (4th percentile), and SSVC rates exploitation as none - placing this firmly in a routine patching priority rather than an emergency response.
Content Security Policy bypass in Google Chrome's Blink rendering engine (versions prior to 149.0.7827.53) enables unauthenticated remote attackers to circumvent CSP directives by delivering a crafted HTML page that requires only a user visit to trigger. The impact is confined to low-severity integrity violations (CVSS I:L) with no confidentiality or availability consequences, consistent with Chromium's own Low severity rating. No public exploit has been identified at time of analysis, and an EPSS score of 0.02% (4th percentile) reflects negligible near-term exploitation probability.
Same-origin policy bypass in Google Chrome's Android Autofill implementation allows remote unauthenticated attackers to perform limited cross-origin integrity violations by delivering a crafted HTML page to a victim user. Affected are all Chrome for Android versions prior to 149.0.7827.53. Impact is constrained to integrity (I:L) with no confidentiality or availability consequence, consistent with Chromium's own 'Low' severity rating. No public exploit code exists and no active exploitation has been confirmed; EPSS exploitation probability sits at 0.02% (4th percentile), making this a low operational priority despite being network-reachable.
Insufficient policy enforcement in Google Chrome for iOS (prior to 149.0.7827.53) enables remote attackers to bypass discretionary access controls by directing a victim to a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) confirms the attack is network-reachable, requires no authentication, and produces a limited integrity impact with no confidentiality or availability consequences. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects very low exploitation probability; Chromium internally rated this Low severity.
Navigation restriction bypass in Google Chrome's DOM Distiller component on iOS allows a remote attacker to circumvent page navigation controls by serving a specially crafted HTML page. Affected users are running Chrome on iOS prior to version 149.0.7827.53, and exploitation requires the victim to visit an attacker-controlled page. No public exploit identified at time of analysis and EPSS probability sits at 0.02% (4th percentile), consistent with the vendor's own 'Low' severity classification - real-world impact is limited to integrity degradation with no confidentiality or availability consequence.
SafeBrowsing protection mechanism bypass in Google Chrome prior to version 149.0.7827.53 allows remote unauthenticated attackers to deliver malicious files that evade Chrome's built-in phishing and malware detection layer. The bypass is triggered through user interaction - such as visiting a crafted page or downloading a manipulated file - without requiring any special privileges or configuration. No public exploit has been identified and EPSS is 0.02% (4th percentile), indicating low current exploitation probability; however, successful exploitation silently removes a critical user-facing protection layer, enabling downstream malware delivery.
Content Security Policy bypass in Google Chrome prior to version 149.0.7827.53 enables remote attackers to circumvent CSP protections via a crafted HTML page, with the victim's browser failing to enforce declared content restrictions. The vulnerability requires user interaction (UI:R) and produces limited integrity impact (I:L) only - no confidentiality or availability loss. EPSS at 0.02% (4th percentile) and no CISA KEV listing indicate negligible current exploitation activity; Chromium has internally rated this Low severity, aligning with the constrained impact scope.
Navigation restriction bypass in Google Chrome prior to 149.0.7827.53 allows a remote unauthenticated attacker to circumvent browser-enforced navigation controls by delivering a crafted HTML page to a victim. The flaw is classified by Google as an inappropriate implementation in the browser component, carrying a CVSS 4.3 (Medium) with limited integrity impact and no confidentiality or availability consequence. No public exploit has been identified at time of analysis, EPSS exploitation probability stands at 0.02% (4th percentile), and Google's internal Chromium severity rating is Low - consistent signals pointing to a low-urgency, routine-patch item outside of specialized deployment contexts.
Content Security Policy bypass in Google Chrome prior to 149.0.7827.53 stems from an inappropriate implementation in the browser's Permissions subsystem, enabling a remote attacker to circumvent CSP restrictions through a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) confirms the impact is limited to a partial integrity violation - no confidentiality or availability consequences are indicated. No public exploit identified at time of analysis; EPSS at 0.01% (2nd percentile) and Chromium's own 'Low' severity rating together indicate very low near-term exploitation likelihood.
Content Security Policy bypass in Google Chrome prior to 149.0.7827.53 allows a remote attacker who convinces a victim to install a crafted malicious extension to circumvent CSP protections on web pages, enabling unauthorized content injection. The flaw stems from insufficient policy enforcement in Chrome's Extensions subsystem (CWE-602), rated Low severity by the Chromium security team with a CVSS base score of 4.3. No public exploit code exists and no active exploitation has been confirmed; EPSS is 0.01% (1st percentile), reflecting minimal real-world exploitation pressure at time of analysis.
Uninitialized heap read in 7-Zip's SquashFS archive handler (versions 9.18 through 26.00) can crash the application and leak raw heap memory contents when a user opens a specially crafted archive. The flaw originates in the `_blockToNode` array, which is allocated but never zero-initialized; an attacker-controlled `blockIndex` derived from the RootInode superblock field drives a binary search over uninitialized slots, producing a chained out-of-bounds read with no write primitive. No public exploit has been identified at time of analysis, and the description explicitly characterizes exploitation as heap-layout-dependent and not reliably triggerable, which is consistent with the CVSS AC:H rating and limits practical risk despite the network-deliverable attack surface.
Path traversal vulnerabilities in Flux source-controller (CWE-23) expose two distinct attack surfaces on the controller pod. In the Bucket reconciler, an actor who can influence object keys in a referenced bucket can cause source-controller to write fetched data to arbitrary paths on the pod filesystem, escaping the per-reconciliation working directory sandbox. Separately, authenticated Kubernetes users with GitRepository create/update RBAC permissions can exploit the sparse-checkout feature (v1.6.0+) to enumerate file paths on the controller pod via the resource's status field. Both issues are patched in source-controller v1.8.5; no public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV.