Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Network-delivered via crafted page (AV:N), but specific UI gestures raise complexity (AC:H); no auth needed (PR:N); only partial cross-origin confidentiality leak with no integrity or availability impact.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Inappropriate implementation in DataTransfer in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
Cross-origin data leakage in Google Chrome's DataTransfer implementation on macOS exposes sensitive content from one origin to an attacker-controlled page by exploiting improper boundary enforcement during user-driven UI gestures such as drag-and-drop. Versions prior to 150.0.7871.47 on Mac are affected; the flaw is platform-specific to macOS, limiting scope. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three concurrent conditions: the victim must be running Google Chrome on macOS (not Windows or Linux), the victim must be running a version prior to 150.0.7871.47, and the victim must be socially engineered into performing specific UI gesture sequences (such as drag-and-drop interactions) on an attacker-controlled HTML page. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is low-to-moderate despite the network attack vector. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a crafted HTML page that embeds a cross-origin resource (such as a sensitive authenticated document) alongside UI elements designed to guide the victim into performing a specific drag-and-drop gesture, such as dragging apparent 'decorative' content across the page. On a macOS Chrome victim visiting this page, the DataTransfer event handler in the crafted page captures cross-origin data that should have been isolated, transmitting it back to the attacker's server. … |
| Remediation | Update Google Chrome on macOS to version 150.0.7871.47 or later immediately; this is the vendor-released patch confirmed by the Chrome stable channel advisory at chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40632
GHSA-378g-rr79-9cqw