Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Requires visiting a crafted page (UI:R) with no auth (PR:N); a Bluetooth policy bypass the vendor rates 'Low' implies limited confidentiality and integrity impact, not high-tier C/I/A.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
AnalysisAI
Privilege escalation in Google Chrome desktop before 150.0.7871.47 stems from insufficient policy enforcement in the Bluetooth subsystem, letting a remote attacker who lures a victim to a crafted HTML page cross a security boundary the browser is supposed to guard. Google's Chrome release channel and the NVD-assigned CVSS 3.1 base score of 8.8 (High) diverge from Chromium's own internal 'Low' severity rating, signaling the practical impact is likely narrower than the raw score implies. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to actively open or visit an attacker-controlled crafted HTML page (CVSS UI:R makes user interaction mandatory), so it cannot be triggered silently at scale. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals conflict and should be weighed rather than taken at face value. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a crafted HTML page and lures a victim to open it via a phishing link, malicious ad, or compromised site; on load, the page abuses the Bluetooth policy-enforcement gap to reach an access or action boundary that browser policy should have blocked, achieving the described privilege escalation. No public exploit code has been identified, and success depends on the user actually visiting the page (UI:R). |
| Remediation | Vendor-released patch: update Google Chrome to 150.0.7871.47 or later on all desktop platforms; this is delivered automatically through Chrome's built-in updater, so verify auto-update is enabled and relaunch to apply it (visiting chrome://settings/help forces the check). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit Chrome version distribution across the organization to identify systems running versions prior to 150.0.7871.47. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Privilege Escalation
View allVendor StatusVendor
SUSE
Severity: Important| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40723
GHSA-jvh2-c5pp-79jm