Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Cross-origin data leakage in Google Chrome's PerformanceAPI implementation (versions prior to 150.0.7871.47) allows a remote unauthenticated attacker to infer sensitive data from other browser origins by luring a victim to visit a crafted HTML page. The flaw exploits timing measurements exposed by the Performance API to create a side-channel that bypasses the Same-Origin Policy for limited data reads. No public exploit code or active exploitation (CISA KEV) has been identified; EPSS probability stands at 0.21% (11th percentile), consistent with SSVC's 'exploitation: none' assessment.
Inappropriate implementation in SiteSettings in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
UI spoofing in Google Chrome for iOS prior to version 150.0.7871.47 allows a remote attacker to misrepresent browser interface elements - such as the address bar or origin indicators - by serving a crafted HTML page, potentially deceiving users into trusting malicious content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) confirms network-reachable exploitation with no privilege requirement but mandatory user interaction, limiting impact to partial integrity loss with no confidentiality or availability effect. No public exploit or active exploitation has been identified; an EPSS score of 0.21% at the 11th percentile indicates very low current exploitation probability, and this vulnerability does not appear in the CISA KEV catalog.
UI spoofing in Google Chrome's Safe Browsing component on iOS enables remote attackers to mislead users through a crafted HTML page, potentially causing them to dismiss or misinterpret security warnings. Only Chrome for iOS versions prior to 150.0.7871.47 are affected; the desktop channel is not impacted by this specific flaw. No public exploit code exists and exploitation probability is very low (EPSS 0.21%, 11th percentile), though the network-accessible, zero-authentication attack surface keeps it relevant where phishing-style delivery is feasible.
UI spoofing via Chrome's Geolocation implementation (versions prior to 150.0.7871.47) allows a remote, unauthenticated attacker to deceive users about the origin or context of geolocation permission requests through a crafted HTML page. Exploitation requires user interaction with the malicious page, limiting automated attack potential. With EPSS at 0.21% (11th percentile), no CISA KEV listing, and no public exploit identified, real-world exploitation risk is low despite the broad deployment footprint of Chrome.
UI spoofing in Google Chrome Enterprise prior to version 150.0.7871.47 allows unauthenticated remote attackers to deceive users into believing they are interacting with legitimate browser UI by serving a crafted HTML page. The root cause is insufficient validation of untrusted HTML input within Chrome's Enterprise component (CWE-20), enabling an attacker to manipulate visual elements such as address bars, dialog prompts, or permission requests. No public exploit has been identified at time of analysis and EPSS sits at 0.21% (11th percentile), indicating low current exploitation probability despite a network-accessible attack vector.
No-referrer policy bypass in Google Chrome for iOS prior to 150.0.7871.47 allows a remote attacker to capture referrer URL information that the browser was supposed to suppress. Exploitation requires user interaction - the victim must visit a crafted HTML page served by the attacker - and exploits a client-side enforcement gap (CWE-602) specific to the iOS build of Chrome. EPSS is 0.19% (9th percentile) and no active exploitation or KEV listing exists, consistent with the Low Chromium severity rating.
Navigation restriction bypass in Google Chrome for iOS prior to 150.0.7871.47 allows a remote, unauthenticated attacker to circumvent browser-enforced navigation controls by delivering a crafted HTML page. The flaw is confined to the iOS platform - Chrome on Android, Windows, macOS, and Linux is unaffected - and requires the victim to actively visit the attacker-controlled page (UI:R). With a CVSS score of 4.3 (Medium), an EPSS of 0.19% (9th percentile), no CISA KEV listing, and a Chromium-internal severity rating of Low, this vulnerability carries minimal real-world exploitation risk but warrants patching given its zero-privilege attack vector.
Same-origin-policy bypass in Google Chrome's Speech component before 150.0.7871.47 lets a remote attacker who lures a victim to a crafted HTML page cross origin boundaries via insufficient policy enforcement. No public exploit identified at time of analysis and EPSS is low (0.18%, 8th percentile); notably, Google's own Chromium team rated this Low severity even though NVD scored it CVSS 9.6, a significant conflict defenders should weigh. Requires user interaction (visiting the page) and affects all Chrome desktop builds prior to the fixed stable release.
Same-origin policy bypass in Google Chrome's Network component (versions prior to 150.0.7871.47) allows a remote attacker to violate cross-origin isolation by delivering a crafted HTML page to a victim. The flaw, rooted in CWE-346 (Origin Validation Error), enables unauthorized cross-origin integrity impacts - an attacker can cause a browser to act on or submit data across origin boundaries it should enforce. With an EPSS of 0.18% at the 8th percentile, no CISA KEV listing, and no public exploit identified, active exploitation risk is low at this time, though Chrome's ubiquitous deployment ensures broad attack surface if exploitation techniques mature.
Content Security Policy bypass in Google Chrome prior to 150.0.7871.47 allows a remote attacker to circumvent network-level policy enforcement by delivering a crafted HTML page to a victim. The Chrome security team internally rated this as Low severity, consistent with the CVSS 4.3 score and an impact limited to integrity (I:L) with no confidentiality or availability consequences. No public exploit code or active exploitation has been identified; EPSS places this in the 8th percentile of exploitation likelihood.
Navigation restriction bypass in Google Chrome's WebXR component affects all versions prior to 150.0.7871.47, exploitable by a remote unauthenticated attacker who can induce a user to visit a crafted HTML page. The root cause is insufficient input validation (CWE-20) within the WebXR subsystem, resulting in limited integrity impact via unauthorized navigation. No public exploit exists and EPSS sits at 0.18% (8th percentile), consistent with the Chromium team's own Low severity classification - this represents a genuine but low-priority risk.
Same-origin policy bypass in Google Chrome's FedCM (Federated Credential Management) implementation allows remote attackers to perform limited cross-origin integrity manipulation by luring a victim to a crafted HTML page. All Chrome versions prior to 150.0.7871.47 are affected. With an EPSS of 0.18% (8th percentile), no CISA KEV listing, and no public exploit identified, this represents a low-probability exploitation scenario despite being trivially deliverable via a web page.
Navigation restriction bypass in Google Chrome prior to 150.0.7871.47 allows a remote attacker to circumvent network-layer policy enforcement by inducing a user to visit a specially crafted HTML page. Rooted in CWE-602 (client-side enforcement of server-side security), the flaw means Chrome's network policy checks governing navigation can be subverted client-side, yielding a low-integrity impact with no confidentiality or availability consequence. No public exploit has been identified and the EPSS exploitation probability stands at 0.18% (8th percentile), consistent with Chromium's own 'Low' severity rating - this is a low-urgency but genuine policy-enforcement gap.
FileSystem policy enforcement bypass in Google Chrome prior to version 150.0.7871.47 allows a remote attacker to circumvent discretionary access control via a crafted HTML page, resulting in limited unauthorized write operations within the browser's sandboxed filesystem scope. The vulnerability requires user interaction - the victim must navigate to a malicious page - and produces only an integrity impact (I:L) with no confidentiality or availability consequence. With an EPSS of 0.18% (8th percentile) and no CISA KEV listing, real-world exploitation probability is very low; no public exploit has been identified at time of analysis.
Same-origin policy bypass in Google Chrome's CustomTabs component on Android (versions prior to 150.0.7871.47) permits remote attackers to perform limited cross-origin integrity violations by directing a victim to a crafted HTML page. The flaw is classified as CWE-346 (Origin Validation Error), meaning Chrome's CustomTabs implementation incorrectly validates or enforces origin boundaries when rendering attacker-controlled content. No active exploitation has been confirmed (not in CISA KEV) and the EPSS score of 0.18% (8th percentile) reflects very low observed exploitation probability, consistent with the Low severity rating assigned by the Chromium security team.
Same-origin policy bypass in Google Chrome's GetUserMedia implementation prior to version 150.0.7871.47 allows a remote, unauthenticated attacker to achieve limited cross-origin integrity impact by delivering a crafted HTML page to a victim. Chromium's own severity classification is Low, consistent with the CVSS 4.3 score and an EPSS exploitation probability of just 0.18% (8th percentile). No public exploit code and no active exploitation have been identified at time of analysis; Google has issued a remediated build in Chrome 150.0.7871.47.
WebXR implementation flaw in Google Chrome on Android prior to 150.0.7871.47 permits remote attackers to bypass navigation restrictions by delivering a crafted HTML page to a victim. The vulnerability is Android-specific and requires user interaction to trigger, constraining its reach. With no CISA KEV listing, no public exploit identified at time of analysis, and an EPSS of 0.18% (8th percentile), this represents a low-priority integrity issue that Google itself rates as Low severity.
Incorrect security UI in Passwords in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Domain spoofing via incorrect security UI in Google Chrome's Document Picture-in-Picture feature on Android (prior to 150.0.7871.47) allows a remote attacker to deceive users about the origin of displayed content. By serving a crafted HTML page, an attacker can cause Chrome on Android to render a misleading security UI - misrepresenting the domain shown to the user. No public exploit has been identified at time of analysis, EPSS sits at 0.18% (8th percentile), and SSVC rates exploitation as none, making this a low operational priority despite its network-accessible attack vector.
Insufficient validation of untrusted input in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
UI spoofing in Google Chrome's Omnibox (address bar) prior to version 150.0.7871.47 allows a remote attacker to misrepresent origin or security indicators to a victim via a crafted HTML page. Rooted in CWE-451 (misrepresentation of critical security information), the flaw can enable phishing or origin-confusion attacks by deceiving users into trusting a false domain indicator. No public exploit code exists, CISA SSVC rates exploitation as none, and the EPSS score of 0.18% (8th percentile) confirms this is low-priority outside phishing-sensitive deployments.
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Printing in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Omnibox (URL bar) spoofing in Google Chrome for iOS prior to 150.0.7871.47 allows a remote attacker to display a fraudulent URL in the browser's address bar by delivering a crafted HTML page. The root cause is classified as CWE-451 (UI Misrepresentation of Critical Information), meaning the security UI fails to accurately reflect the true origin of displayed content - a condition that directly undermines phishing defenses. No public exploit code has been identified at time of analysis, and the EPSS score of 0.18% (8th percentile) indicates very low observed exploitation pressure, consistent with the Chromium team's own 'Low' severity rating.
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Unauthorized user profile disclosure in Red Hat Build of Keycloak allows low-privileged administrative users to bypass Fine-Grained Admin Permission (FGAPv2) restrictions and access complete user profiles they should only be permitted to search. An admin scoped exclusively to user-search rights can invoke the 'brute-force-user' endpoint to retrieve sensitive profile data and security metadata, circumventing the intended view-permission gate on that code path. No public exploit has been identified and the flaw is not listed in CISA KEV, but its network-accessible, low-complexity nature makes it straightforward to abuse within any Keycloak deployment that has activated FGAPv2 permission delegation.
Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Domain spoofing in Google Chrome for Android (versions prior to 150.0.7871.47) allows remote attackers to deceive users about the origin of a webpage by exploiting incorrect rendering of security-critical UI elements via a crafted HTML page. User interaction is required - the victim must navigate to the attacker-controlled page - and impact is limited to integrity (UI misrepresentation), with no direct confidentiality or availability consequences. No active exploitation is confirmed (not in CISA KEV) and EPSS of 0.17% at the 7th percentile reflects minimal real-world exploitation activity; Google itself rates this 'Low' severity.
UI spoofing in Google Chrome's PopupBlocker component (all versions prior to 150.0.7871.47) enables a remote attacker who has already compromised the Chrome renderer process to manipulate browser UI elements through a crafted HTML page. The integrity impact is limited to UI deception - no code execution, credential theft, or availability impact is possible through this flaw alone. EPSS at 0.17% (7th percentile) and Chromium's own 'Low' severity rating align with the constrained exploit chain; no public exploit or CISA KEV listing exists at time of analysis.
Inappropriate implementation in Select in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Cross-origin data leakage in Google Chrome's Extensions subsystem (versions prior to 150.0.7871.47) enables a remote attacker - who has first achieved renderer process compromise - to bypass same-origin policy enforcement and read cross-origin data via a specially crafted HTML page. The flaw is classified as CWE-346 (Origin Validation Error) and rated Low severity by the Chromium security team. EPSS is extremely low at 0.17% (7th percentile), no CISA KEV listing exists, and no public exploit code has been identified, consistent with the significant chained exploitation barrier imposed by the renderer-compromise prerequisite.
Cross-origin data leakage in Google Chrome's Network component (versions prior to 150.0.7871.47) enables a remote attacker who has already compromised the renderer process to exfiltrate cross-origin data via a specially crafted HTML page. This is a chained vulnerability - renderer-process compromise is a hard prerequisite, meaning real-world risk is substantially lower than the network-accessible CVSS vector implies. No public exploit code has been identified and EPSS sits at the 7th percentile (0.17%), consistent with limited exploitation interest. Google has released a fix in the stable channel update to 150.0.7871.47.
Inappropriate implementation in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in File Input in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
UI spoofing in Google Chrome's WebXR subsystem (versions prior to 150.0.7871.47) is achievable by an attacker who has already compromised the renderer process, allowing manipulation of browser UI elements via a crafted HTML page. The vulnerability is a second-stage attack component, not a standalone entry point - exploitation chains through a separate renderer compromise before WebXR's insufficient input validation can be abused. EPSS at 0.17% (7th percentile) and no CISA KEV listing indicate minimal observed exploitation activity; patch is available as of Chrome 150.0.7871.47.
UI spoofing in Google Chrome prior to version 150.0.7871.47 is caused by an inappropriate SVG rendering implementation, enabling remote attackers to visually misrepresent browser UI elements through a crafted HTML page. Exploitation requires user interaction - the victim must visit a malicious page - and the direct impact is limited to integrity via visual deception, with no confidentiality or availability consequence. No public exploit has been identified and the EPSS score of 0.17% (7th percentile) confirms minimal exploitation activity at time of analysis.
Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Incorrect security UI in Mobile in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
UI spoofing in Google Chrome's TabStrip component, fixed in version 150.0.7871.47, enables remote attackers to misrepresent browser security indicators through specially crafted HTML pages. The incorrect security UI rendering in the tab strip allows an attacker to deceive users about the true origin or security state of a webpage, creating phishing-enablement risk. No public exploit code and an EPSS of 0.17% (7th percentile) indicate low exploitation likelihood at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Navigation restriction bypass in Google Chrome for Android (prior to 150.0.7871.47) allows a remote attacker to circumvent browser navigation controls through crafted malicious network traffic targeting the TabSwitcher component. The flaw stems from insufficient input validation (CWE-20) in the tab management UI and requires user interaction to trigger, limiting its practical reach. With an EPSS score of 0.17% (7th percentile), no public exploit code, no CISA KEV listing, and Chromium's own internal severity rating of Low, real-world exploitation risk is minimal despite network reachability.
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
Content Security Policy bypass in Google Chrome's Extensions subsystem prior to version 150.0.7871.47 allows an attacker who socially engineers a victim into installing a crafted malicious extension to circumvent CSP protections, yielding limited integrity impact. CVSS UI:R and EPSS at 0.12% (2nd percentile) confirm this is a low-probability, user-interaction-dependent attack with no confidentiality or availability consequence. No KEV listing, no known POC, and Google's own 'Low' severity rating collectively position this as a low operational priority despite broad product prevalence.
PostgreSQL Anonymizer's anon.hash() function exposes its internal salt to masked database users through an offline brute-force attack, undermining the core pseudonymization guarantee of the extension. Masked roles - the primary consumer of this extension - can call anon.hash() with arbitrary seed inputs and accumulate (seed, hash_output) pairs to deduce the salt offline, after which all pseudonymized values in the database become reversible. No active exploitation or public proof-of-concept has been identified; a vendor-confirmed fix is available in version 3.1.2.