Suse
Monthly
Denial of service in dhcpcd's IPv6 Neighbor Discovery Router Advertisement parser allows an adjacent unauthenticated attacker to exhaust CPU resources on any host running dhcpcd with IPv6 enabled. The flaw (CWE-835 - infinite loop) arises because a zero-length Neighbor Discovery option passes initial storage validation but is later reparsed without sufficient bounds enforcement, causing the parser to loop indefinitely without advancing. No active exploitation is confirmed (not in CISA KEV), but the adjacent-network attack vector and zero-privilege requirement make this actionable on shared Layer-2 environments such as enterprise Wi-Fi, cloud VLANs, and data-center segments.
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Cross-origin data leakage in Google Chrome prior to 150.0.7871.47 exposes sensitive user data from other origins when a victim visits a specially crafted HTML page that exploits insufficient policy enforcement in the StorageAccessAPI. The API, designed to manage third-party storage access in privacy-restricting browser contexts, fails to enforce cross-origin boundaries correctly, allowing an attacker to read data belonging to unrelated origins. No active exploitation has been confirmed - CVE is absent from CISA KEV, EPSS rates exploitation likelihood at 0.17% (7th percentile), and SSVC classifies exploitation status as none - though the CVSS confidentiality impact is rated High.
UI spoofing in Google Chrome's DevTools component allows an attacker to misrepresent critical interface information to users who have been socially engineered into installing a malicious Chrome Extension. Affected versions are all Chrome releases prior to 150.0.7871.47. The flaw stems from an inappropriate implementation (CWE-451) in DevTools, enabling an extension to manipulate how DevTools renders UI elements - potentially deceiving developers or power users into trusting falsified debugging output or security indicators. No public exploit code has been identified at time of analysis, and this vulnerability is not in the CISA KEV catalog.
UI spoofing in the Glic component of Google Chrome (all versions prior to 150.0.7871.47) enables a remote attacker to misrepresent browser interface elements via a crafted HTML page, provided the victim is socially engineered into performing specific UI gestures. The CVSS vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) assigns high confidentiality impact, suggesting the spoofed UI can be leveraged to elicit disclosure of sensitive information such as credentials or session data. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.
Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.47) lets an attacker who has already compromised the renderer process break out of the renderer sandbox via a crafted HTML page. The flaw is a CWE-787 out-of-bounds read and write; Google's own Chromium team rated the security severity as Low, and there is no public exploit identified at time of analysis. EPSS estimates only a 0.17% (7th percentile) chance of exploitation, and the vulnerability is not listed in CISA KEV.
Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the security sandbox using a crafted HTML page, elevating from a contained renderer to broader host access. Rooted in CWE-669 (incorrect resource transfer between spheres) within Chrome's AI component, it carries a CVSS 8.3 (scope-changed) rating despite Google's own 'Low' Chromium severity, reflecting the fact that it is a second-stage escape rather than a standalone entry point. There is no public exploit identified at time of analysis, EPSS exploitation probability is low (0.17%, 7th percentile), and it is not listed in CISA KEV.
UI spoofing via the Speech component in Google Chrome prior to 150.0.7871.47 requires an attacker to have already compromised the renderer process, making this a chained, second-stage exploit rather than a standalone remote attack. The vulnerability stems from insufficient input validation (CWE-20) in Chrome's Speech subsystem, enabling a renderer-compromised attacker to manipulate browser UI elements through a crafted HTML page. No public exploit code exists, SSVC assessment confirms no active exploitation, and an EPSS score of 0.17% (7th percentile) reflects a very low probability of mass exploitation - consistent with Google's own 'Low' internal severity rating.
Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Type confusion in the CSS processing engine of Google Chrome prior to 150.0.7871.47 enables remote attackers to read potentially sensitive data from renderer process memory by delivering a crafted HTML page to a victim. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms network delivery with no attacker privileges required, though a single user interaction - visiting the malicious page - is necessary. No public exploit code has been identified, CISA SSVC rates exploitation as none at time of analysis, and Chromium's own team classified severity as Low, suggesting limited practical memory disclosure value despite the NVD CVSS C:H rating.
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
Cross-origin data leak in Google Chrome's CSS implementation (versions prior to 150.0.7871.47) enables remote attackers to exfiltrate sensitive data from other origins when a victim visits a specially crafted HTML page. The vulnerability stems from inappropriate CSS handling that creates a side-channel bypassing same-origin policy protections, resulting in high-confidentiality-impact information disclosure with no integrity or availability consequences. No public exploit has been identified and exploitation has not been observed in the wild; CISA SSVC rates exploitation as none and technical impact as partial, aligning with Google's internal Low severity classification despite the NVD CVSS 6.5 score.
Universal Cross-Site Scripting (UXSS) in Google Chrome's CSS implementation prior to 150.0.7871.47 allows a remote attacker to inject arbitrary scripts or HTML by luring a user to a crafted web page, with the scope change (S:C) in the CVSS vector indicating potential Same-Origin Policy bypass affecting other loaded origins. No public exploit or active exploitation is identified at time of analysis - EPSS sits at 0.17% (6th percentile) and SSVC exploitation status is rated 'none.' A vendor-released patch is available in stable channel 150.0.7871.47.
UI spoofing in Google Chrome's Views component (versions prior to 150.0.7871.47) allows a remote attacker to misrepresent security-critical browser interface elements through a crafted HTML page. Exploitation requires convincing a target user to perform specific UI gestures, making the attack conditional on social engineering. No public exploit has been identified and this vulnerability is not listed in the CISA KEV catalog; Google has released a patch as part of the stable channel update.
Incorrect security UI in Passwords in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
UI spoofing in Google Chrome's Extensions implementation (all versions prior to 150.0.7871.47) enables a remote attacker - who has already achieved renderer process compromise via a separate exploit - to render deceptive UI elements through a crafted HTML page, potentially misleading users into unintended interactions. The vulnerability carries a CVSS 5.4 Medium score, though Chromium's internal rating is Low, and the EPSS score of 0.18% (8th percentile) reflects minimal exploitation probability. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis.
Domain spoofing via incorrect security UI in Google Chrome's Document Picture-in-Picture feature on Android (prior to 150.0.7871.47) allows a remote attacker to deceive users about the origin of displayed content. By serving a crafted HTML page, an attacker can cause Chrome on Android to render a misleading security UI - misrepresenting the domain shown to the user. No public exploit has been identified at time of analysis, EPSS sits at 0.18% (8th percentile), and SSVC rates exploitation as none, making this a low operational priority despite its network-accessible attack vector.
Insufficient validation of untrusted input in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
UI spoofing in Google Chrome's TabStrip component prior to version 150.0.7871.47 allows a remote attacker to misrepresent tab or page identity through a crafted HTML page, contingent on convincing the victim to perform specific UI gestures. The CVSS vector (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L) places real-world risk in the lower tier: high attack complexity, mandatory user interaction, and no confidentiality impact combine to limit practical exploitation. No public exploit code exists and CISA has not added this to the KEV catalog, consistent with Google's own Low severity classification.
UI spoofing in Google Chrome's WebAppInstalls component on Windows (versions prior to 150.0.7871.47) enables a remote attacker to misrepresent the browser interface by luring a user into performing specific UI interaction gestures on a crafted HTML page. The flaw is Windows-platform-specific and rooted in an inappropriate implementation of the Progressive Web App installation UI flow. Google rates this Low severity; no public exploit identified at time of analysis, and EPSS data is not present in the provided intelligence, but the CVSS 4.2 score and required high-complexity user interaction significantly limit real-world risk.
UI spoofing in Google Chrome for iOS prior to 150.0.7871.47 allows a remote attacker to manipulate browser interface elements via a crafted HTML page, provided the attacker can lure the victim into performing specific UI gestures. The root cause is insufficient validation of untrusted HTML input (CWE-20) within Chrome's iOS-specific rendering layer, resulting in low-integrity and low-availability impact. No public exploit code has been identified at time of analysis, and this vulnerability has not been added to the CISA KEV catalog; Chromium's own severity classification is Low.
Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
UI spoofing in Google Chrome's Network component (versions prior to 150.0.7871.47) can be triggered by a remote attacker who has already compromised the renderer process, allowing browser UI elements to be faked via a crafted HTML page. This is a chained exploit - not a standalone flaw - requiring both prior renderer compromise and user interaction, which significantly constrains real-world risk. No public exploit code exists and no confirmed active exploitation has been recorded; EPSS at 0.18% (8th percentile) and Chromium's own 'Low' severity rating reinforce this assessment.
Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
UI spoofing via race condition in Google Chrome's History Embeddings component (versions prior to 150.0.7871.47) enables remote attackers to present falsified browser interface elements to users through a crafted HTML page. The flaw requires both high attack complexity - a precisely timed race window - and victim interaction, yielding only limited confidentiality and integrity impact with no code execution capability. No public exploit or active exploitation has been identified; EPSS at 0.14% (4th percentile) and SSVC exploitation status of 'none' confirm extremely low real-world exploitation probability at time of analysis.
UI spoofing in Google Chrome's WebXR component (all versions prior to 150.0.7871.47) allows remote attackers to misrepresent browser interface elements when a victim visits a crafted HTML page. The flaw stems from an inappropriate implementation in the WebXR Device API, enabling manipulation of what the user perceives as trusted UI - potentially obscuring origin indicators, security state, or page identity. No public exploit code exists and EPSS stands at 0.18% (8th percentile); CISA SSVC rates exploitation as none with partial technical impact, placing this firmly in the lower-priority tier despite its network-accessible vector.
UI spoofing in Google Chrome's WebAppInstalls component (prior to 150.0.7871.47) is reachable only after an attacker has already compromised the Chrome renderer process, making this a chained, post-exploitation capability rather than a standalone entry point. With a compromised renderer, the attacker can serve a crafted HTML page that bypasses insufficient input validation in WebAppInstalls to forge Chrome's native UI - potentially deceiving users into trusting malicious web app install prompts or dialogs. No public exploit or active exploitation (CISA KEV) is confirmed; EPSS sits at 0.18% (8th percentile), consistent with the high prerequisite barrier and Chromium's own 'Low' severity rating.
UI spoofing in Google Chrome's Omnibox (address bar) prior to version 150.0.7871.47 allows a remote attacker to misrepresent origin or security indicators to a victim via a crafted HTML page. Rooted in CWE-451 (misrepresentation of critical security information), the flaw can enable phishing or origin-confusion attacks by deceiving users into trusting a false domain indicator. No public exploit code exists, CISA SSVC rates exploitation as none, and the EPSS score of 0.18% (8th percentile) confirms this is low-priority outside phishing-sensitive deployments.
UI spoofing in Google Chrome for Android (prior to 150.0.7871.47) via the PreviewTab feature allows remote attackers to misrepresent interface elements through a crafted HTML page. Successful exploitation requires high attack complexity - specifically, the attacker must convince a victim to perform particular UI gestures - limiting this to targeted rather than opportunistic attacks. No active exploitation or public proof-of-concept has been identified; the Chromium security team rates this as Low severity, consistent with its constrained CVSS 4.2 score.
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Printing in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Domain spoofing in Google Chrome for Android (versions prior to 150.0.7871.47) allows remote attackers to deceive users about the origin of a webpage by exploiting incorrect rendering of security-critical UI elements via a crafted HTML page. User interaction is required - the victim must navigate to the attacker-controlled page - and impact is limited to integrity (UI misrepresentation), with no direct confidentiality or availability consequences. No active exploitation is confirmed (not in CISA KEV) and EPSS of 0.17% at the 7th percentile reflects minimal real-world exploitation activity; Google itself rates this 'Low' severity.
Uninitialized memory use in Chrome's ANGLE graphics layer exposes potentially sensitive process memory contents to remote attackers who can entice a user to visit a crafted HTML page. The flaw affects all Chrome versions prior to 150.0.7871.47, with High confidentiality impact per CVSS despite Google's own Chromium severity rating of Low - a discrepancy suggesting practical extraction of meaningful data is constrained in real-world conditions. No public exploit identified at time of analysis, and no CISA KEV listing; a vendor patch has been released.
OS-level privilege escalation in Google Chrome for Windows before 150.0.7871.47 lets a local attacker leverage an inappropriate implementation in the CredentialProvider component to elevate privileges via a malicious file. Exploitation requires local access plus user interaction (UI:R), and though Google rated the Chromium security severity 'Low', the CVSS 3.1 base score is 7.8 (High) due to full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and the EPSS probability is very low at 0.11% (2nd percentile).
Omnibox (URL bar) spoofing in Google Chrome for iOS prior to 150.0.7871.47 allows a remote attacker to display a fraudulent URL in the browser's address bar by delivering a crafted HTML page. The root cause is classified as CWE-451 (UI Misrepresentation of Critical Information), meaning the security UI fails to accurately reflect the true origin of displayed content - a condition that directly undermines phishing defenses. No public exploit code has been identified at time of analysis, and the EPSS score of 0.18% (8th percentile) indicates very low observed exploitation pressure, consistent with the Chromium team's own 'Low' severity rating.
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
Remote code execution in Google Chrome's Chromoting (Chrome Remote Desktop) component on Linux, fixed in 150.0.7871.47, lets a remote attacker corrupt memory via crafted network traffic and potentially run arbitrary code. The flaw is a CWE-416 use-after-free reported by Google's internal Chrome security team; there is no public exploit identified at time of analysis and it is not in CISA KEV. Note a signal conflict: NVD scores this 9.8 (Critical) while Chromium itself rated the security severity 'Low', and EPSS is only 0.20% (10th percentile).
Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Type confusion in Chrome's Bluetooth stack on Windows (versions prior to 150.0.7871.47) enables an adjacent-network attacker to exfiltrate sensitive data from Chrome process memory by presenting a malicious Bluetooth peripheral. The CVSS 6.5 score reflects high confidentiality impact but no integrity or availability exposure; notably, Chromium's internal security team rated this Low severity, suggesting the memory regions accessible are constrained. No public exploit code and no CISA KEV listing exist at time of analysis, and exploitation is physically bounded by Bluetooth range.
Cross-origin data leak in Google Chrome DevTools prior to version 150.0.7871.47 exposes sensitive information from foreign origins when a victim visits a crafted HTML page and performs attacker-directed UI gestures. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms high confidentiality impact with no integrity or availability consequences. No public exploit identified at time of analysis, and EPSS of 0.18% at the 8th percentile - combined with Chromium's own 'Low' severity classification - signals limited real-world exploitation likelihood despite the Medium NVD score.
Memory disclosure via DevTools in Google Chrome on Windows (prior to 150.0.7871.47) enables a remote attacker to read sensitive process memory contents by delivering a crafted HTML page and manipulating the victim into performing specific UI gestures. The vulnerability is Windows-platform-exclusive and carries a Chromium-internal severity of Low, consistent with SSVC's assessment of no current exploitation and non-automatable delivery. No active exploitation or public exploit code has been identified at time of analysis, though the CVSS C:H rating reflects meaningful confidentiality risk if successfully triggered.
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Privilege escalation in Google Chrome's Cast component before 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to escape renderer-level restrictions and gain higher privileges via a crafted HTML page. Rated Low severity by Chromium despite a 7.5 CVSS, it functions as a second-stage sandbox-escape primitive rather than a standalone initial-access bug. There is no public exploit identified at time of analysis and EPSS is low (0.18%, 8th percentile), indicating minimal near-term mass-exploitation risk.
Inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Low)
Sandbox escape in Google Chrome for Windows before 150.0.7871.47 lets an attacker who has already compromised the renderer process abuse a use-after-free in the Updater component via a crafted HTML page to break out of the browser sandbox. It is a second-stage bug that Chromium rated only Low severity despite the CVSS 9.6 score, with no public exploit identified at time of analysis and a low EPSS probability of 0.18% (8th percentile). Google has shipped a fixed Stable-channel build.
Inappropriate implementation in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low)
Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who has already compromised the renderer process bypass Mojo IPC policy enforcement and break out of the sandbox using a crafted HTML page. This is a second-stage flaw in the Mojo inter-process communication layer rather than an initial-access bug, and Google itself rated the Chromium security severity as Low despite the NVD CVSS of 9.6. No public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile).
Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
Remote code execution in Google Chrome desktop before 150.0.7871.47 stems from a use-after-free in the Scheduling component, letting a remote attacker run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. There is no public exploit identified at time of analysis and the vulnerability is not in CISA KEV; EPSS is low at 0.21% (12th percentile). Google rates the Chromium security severity as Low despite the NVD CVSS of 8.8, reflecting that code execution is confined to the sandbox rather than the host.
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Same-origin-policy bypass in Google Chrome's Speech component before 150.0.7871.47 lets a remote attacker who lures a victim to a crafted HTML page cross origin boundaries via insufficient policy enforcement. No public exploit identified at time of analysis and EPSS is low (0.18%, 8th percentile); notably, Google's own Chromium team rated this Low severity even though NVD scored it CVSS 9.6, a significant conflict defenders should weigh. Requires user interaction (visiting the page) and affects all Chrome desktop builds prior to the fixed stable release.
Sandboxed remote code execution in Google Chrome desktop before 150.0.7871.47 lets a remote attacker run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page, exploiting insufficient input validation in the WebAppInstalls component. Google rates the Chromium severity as Low because execution is contained within the sandbox and no escape is included, and there is no public exploit identified at time of analysis. EPSS is low (0.21%, 12th percentile) and CISA SSVC records exploitation status as none.
Use-after-free in Chrome's SSL handling on ChromeOS exposes process memory contents to remote attackers who can serve a crafted HTML page. Only ChromeOS builds of Chrome prior to 150.0.7871.47 are affected - this is not a cross-platform flaw. SSVC rates exploitation status as none and technical impact as partial, and Chromium's own severity classification is Low, making this a routine patch-cycle priority rather than an emergency response item despite the CVSS 6.5 score.
Heap corruption via use-after-free in Google Chrome's Passwords component affects all desktop builds prior to 150.0.7871.47, letting a remote attacker who lures a victim to a crafted HTML page potentially achieve memory corruption and code execution in the renderer. The CVSS 3.1 vector (8.8) requires user interaction (visiting the page) but no privileges or authentication. No public exploit identified at time of analysis, and the low EPSS score (0.17%, 7th percentile) plus Chromium's own 'Low' severity rating suggest limited real-world exploitation likelihood despite the high CVSS.
Sandbox escape in Google Chrome on macOS before 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the browser sandbox through a crafted HTML page. The root cause is insufficient policy enforcement in Chrome's macOS sandbox (CWE-693). No public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile); Google's own Chromium security team rated the severity 'Low', which conflicts sharply with the CVSS 9.6 assigned by NVD.
Cross-origin data leakage in Google Chrome's NetworkCache component affects all desktop versions prior to 150.0.7871.47, enabling remote attackers to read sensitive cached data belonging to other origins. Exploitation requires a victim to visit a specially crafted HTML page, placing this squarely in the browser-based phishing and malvertising threat model. No public exploit code or active exploitation has been identified; an EPSS score of 0.17% (7th percentile) and Chromium's own Low severity classification indicate low immediate exploitation probability despite the Medium CVSS base score.
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Sandbox escape in Google Chrome on macOS prior to 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the WebAppInstalls component. Chromium rated the underlying issue Low severity even though the CVSS base score is 9.6, and there is no public exploit identified at time of analysis; EPSS is 0.17% (7th percentile). The vulnerability is a second-stage primitive that requires prior renderer code execution, not a standalone drive-by.
Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Sandbox escape in Google Chrome desktop versions prior to 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the browser sandbox and gain code execution on the host via a crafted HTML page. The flaw stems from insufficient policy enforcement in the browser process (CWE-20) and, while carrying a high CVSS base score of 9.6 due to the scope change, was rated only Low severity by Chromium because it is not independently exploitable. No public exploit has been identified and EPSS probability is very low (0.17%, 7th percentile).
Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)
Sandbox escape in Google Chrome's Cast component (versions prior to 150.0.7871.47) lets an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page, exploiting a use-after-free (CWE-416) memory-corruption bug. Google's Chromium team rated the security severity as Low, and while NVD assigns a 9.6 CVSS reflecting full sandbox-escape impact, exploitation is gated behind a pre-existing renderer compromise. No public exploit was identified at time of analysis, EPSS is very low at 0.17% (7th percentile), and there is no CISA KEV listing.
Cross-origin data leakage in Google Chrome prior to 150.0.7871.47 enables an on-path network adversary to bypass Chrome's privacy policy enforcement and observe data belonging to a different origin via crafted malicious network traffic. The flaw is classified as CWE-693 (Protection Mechanism Failure), indicating Chrome's privacy isolation layer fails to correctly enforce cross-origin restrictions under certain network conditions. EPSS sits at 0.11% (2nd percentile), no public exploit code is known, and the vulnerability has not been added to CISA KEV; Chromium itself rates this Low severity.
Use after free in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
Out-of-bounds memory read in the CameraCapture component of Google Chrome on ChromeOS (versions prior to 150.0.7871.47) lets a remote attacker leak adjacent process memory when a victim opens a crafted HTML page. No public exploit identified at time of analysis, and EPSS is low (0.17%), but the flaw is marked automatable by CISA SSVC. Note a signal conflict: the NVD CVSS is 8.1 (high) while Google rates the Chromium security severity as Low.
UI spoofing in Google Chrome's PopupBlocker component (all versions prior to 150.0.7871.47) enables a remote attacker who has already compromised the Chrome renderer process to manipulate browser UI elements through a crafted HTML page. The integrity impact is limited to UI deception - no code execution, credential theft, or availability impact is possible through this flaw alone. EPSS at 0.17% (7th percentile) and Chromium's own 'Low' severity rating align with the constrained exploit chain; no public exploit or CISA KEV listing exists at time of analysis.
Uninitialized memory read in the Canvas API of Google Chrome on Android (prior to 150.0.7871.47) exposes potentially sensitive process memory contents to remote attackers. Exploitation requires luring a target to a crafted HTML page, after which the uninitialized Canvas buffer may leak memory from the renderer process. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; Chromium's own security team rates severity as Low despite the NVD CVSS score of 6.5.
Heap corruption in Google Chrome's WebNN (Web Neural Network API) implementation on Windows, fixed in 150.0.7871.47, lets an attacker who has already compromised the renderer process trigger a heap buffer overflow via a crafted HTML page and potentially escalate beyond the sandbox. Chromium's own security team rated this Low severity, while NVD scores it 8.8; EPSS is low at 0.19% (9th percentile) and there is no public exploit identified at time of analysis. It is not listed in CISA KEV and SSVC records exploitation status as none.
Remote code execution in Google Chrome desktop versions prior to 150.0.7871.47 stems from insufficient policy enforcement in the WebHID component, letting a remote attacker who lures a victim to a crafted HTML page break out of intended HID access controls and run arbitrary code. Exploitation requires user interaction (visiting a malicious page) but no authentication, and no public exploit has been identified at time of analysis; EPSS is low at 0.21% (12th percentile). Notably, Google rates the Chromium security severity as 'Low' while the NVD-style CVSS is 8.8, a discrepancy worth weighing when prioritizing.
CSS side-channel information leakage in Google Chrome prior to 150.0.7871.47 enables remote attackers to exfiltrate cross-origin data by luring victims to a crafted HTML page. The CVSS vector rates confidentiality impact as High (C:H) with network access and no authentication required from the attacker, though user interaction is necessary. Despite the NVD Medium score of 6.5, Google's internal Chromium severity rating is Low, EPSS sits at just 0.17% (7th percentile), there is no KEV listing, and no public exploit has been identified at time of analysis - signals that collectively indicate limited real-world exploitability.
Heap corruption in the Chromoting (Chrome Remote Desktop) component of Google Chrome before 150.0.7871.47 lets a remote attacker deliver malicious network traffic to a victim's active remote session, potentially corrupting heap memory and enabling arbitrary code execution in the browser process. All desktop Chrome installs using Chrome Remote Desktop below the fixed build are affected. There is no public exploit identified at time of analysis, and CISA SSVC records exploitation as none; EPSS is low at 0.16% (6th percentile), so this is a patch-during-normal-cycle item rather than an emergency.
Universal Cross-Site Scripting (UXSS) in Google Chrome before 150.0.7871.47 enables remote attackers to inject arbitrary scripts or HTML across security origins by serving a crafted HTML page to a victim user. The flaw stems from insufficient input validation in Chrome's HTML handling (CWE-20), and its Scope:Changed CVSS metric confirms the core danger: injected scripts escape the attacker-controlled origin and execute in the context of other web origins, undermining the browser's same-origin policy. No public exploit code or CISA KEV listing is identified at time of analysis; EPSS stands at 0.18% (8th percentile), consistent with the vendor's own 'Low' Chromium severity classification despite a NVD CVSS score of 6.1.
Cross-origin data leakage in Google Chrome's Storage component prior to version 150.0.7871.47 enables remote attackers to read data belonging to a different origin by exploiting a race condition triggered via a crafted HTML page. The Chromium security team internally rated this as Low severity - a notable contrast to the CVSS 6.5 score reflecting High confidentiality impact - suggesting the practical exploitation window or data exposure scope is constrained in real-world conditions. No public exploit has been identified at time of analysis, and EPSS at 0.14% (4th percentile) confirms negligible observed exploitation activity.
Insufficient policy enforcement in Chrome's DevTools component allows a crafted malicious extension to read potentially sensitive data from process memory. Affected versions are all Google Chrome releases prior to 150.0.7871.47 on desktop platforms. An attacker must first persuade a victim to install the malicious extension, after which the extension can silently extract in-memory data - including session tokens, credentials, or page content resident in the Chrome process - without triggering further user interaction. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Navigation restriction bypass in Google Chrome for Android (prior to 150.0.7871.47) allows a remote attacker to circumvent browser navigation controls through crafted malicious network traffic targeting the TabSwitcher component. The flaw stems from insufficient input validation (CWE-20) in the tab management UI and requires user interaction to trigger, limiting its practical reach. With an EPSS score of 0.17% (7th percentile), no public exploit code, no CISA KEV listing, and Chromium's own internal severity rating of Low, real-world exploitation risk is minimal despite network reachability.
Same-origin policy bypass in Google Chrome's Network component (versions prior to 150.0.7871.47) allows a remote attacker to violate cross-origin isolation by delivering a crafted HTML page to a victim. The flaw, rooted in CWE-346 (Origin Validation Error), enables unauthorized cross-origin integrity impacts - an attacker can cause a browser to act on or submit data across origin boundaries it should enforce. With an EPSS of 0.18% at the 8th percentile, no CISA KEV listing, and no public exploit identified, active exploitation risk is low at this time, though Chrome's ubiquitous deployment ensures broad attack surface if exploitation techniques mature.
Privilege escalation in Google Chrome's WebRTC component (versions prior to 150.0.7871.47) allows a remote attacker to escape normal renderer restrictions when a victim opens a crafted HTML page, per the CVSS vector achieving high confidentiality, integrity, and availability impact. Exploitation requires user interaction (visiting a malicious page) but no prior authentication. There is no public exploit identified at time of analysis, and the EPSS score is low (0.17%, 7th percentile); notably, Google/Chromium rated this 'Low' severity while the NVD CVSS is 8.8 (High), a discrepancy defenders should weigh.
Inappropriate implementation in Select in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Content Security Policy bypass in Google Chrome prior to 150.0.7871.47 allows a remote attacker to circumvent network-level policy enforcement by delivering a crafted HTML page to a victim. The Chrome security team internally rated this as Low severity, consistent with the CVSS 4.3 score and an impact limited to integrity (I:L) with no confidentiality or availability consequences. No public exploit code or active exploitation has been identified; EPSS places this in the 8th percentile of exploitation likelihood.
No-referrer policy bypass in Google Chrome for iOS prior to 150.0.7871.47 allows a remote attacker to capture referrer URL information that the browser was supposed to suppress. Exploitation requires user interaction - the victim must visit a crafted HTML page served by the attacker - and exploits a client-side enforcement gap (CWE-602) specific to the iOS build of Chrome. EPSS is 0.19% (9th percentile) and no active exploitation or KEV listing exists, consistent with the Low Chromium severity rating.
Side-channel information leakage in the WebAuthentication component of Google Chrome on iOS (prior to 150.0.7871.47) exposes cross-origin data to remote attackers via a crafted HTML page, requiring only that a victim visit attacker-controlled content. The CVSS Confidentiality:High rating reflects the category of cross-origin data exposure, while Chromium's own internal severity classification of Low and an EPSS score of 0.21% (11th percentile) both signal that practical exploitation is considered unlikely at scale. No public exploit is identified at time of analysis and no CISA KEV listing exists.
Navigation restriction bypass in Google Chrome's WebXR component affects all versions prior to 150.0.7871.47, exploitable by a remote unauthenticated attacker who can induce a user to visit a crafted HTML page. The root cause is insufficient input validation (CWE-20) within the WebXR subsystem, resulting in limited integrity impact via unauthorized navigation. No public exploit exists and EPSS sits at 0.18% (8th percentile), consistent with the Chromium team's own Low severity classification - this represents a genuine but low-priority risk.
Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Side-channel information leakage via the WebAudio API in Google Chrome prior to 150.0.7871.47 enables a remote attacker to extract cross-origin data from a victim's browser session through a crafted HTML page. The vulnerability abuses WebAudio's timing or spectral measurement capabilities to infer data that should be isolated by the Same-Origin Policy, exposing potentially sensitive cross-origin resources. No active exploitation has been confirmed (absent from CISA KEV), and the EPSS score of 0.17% at the 7th percentile reflects very low current exploitation probability; Chromium's own team rated the severity as Low despite the NVD's Medium (6.5) CVSS assignment.
Integer overflow in Chrome's WebNN (Web Neural Network API) component prior to version 150.0.7871.47 enables remote attackers to read potentially sensitive data from browser process memory by luring a user to a crafted HTML page. The attack requires no privileges and no special configuration, but mandates user interaction - the victim must navigate to a malicious page. No public exploit identified at time of analysis; CISA SSVC rates exploitation as none with partial technical impact, and Google itself assigned a Low Chromium severity, suggesting real-world impact is constrained by browser sandboxing despite the CVSS C:H rating.
Integer overflow in the WebNN component of Google Chrome prior to 150.0.7871.47 allows an unauthenticated remote attacker to read potentially sensitive data from Chrome's process memory. Exploitation requires convincing a victim to visit a crafted HTML page, placing this in the class of user-interaction-dependent browser memory disclosure vulnerabilities. No public exploit code exists and CISA has not listed this in KEV; SSVC rates exploitation as 'none' and Chromium's own triage assigns 'Low' severity, suggesting the disclosed memory is constrained in practice.
Universal Cross-Site Scripting (UXSS) in Chrome's Omnibox on iOS enables remote attackers to inject arbitrary scripts or HTML across security origins by luring users into performing specific UI gestures on a crafted page. Affected versions are Chrome for iOS prior to 150.0.7871.47; the desktop channel is not affected. No public exploit code or active exploitation has been identified at time of analysis, and EPSS sits at 0.18% (8th percentile), consistent with Chromium's own 'Low' severity rating despite the scope-changed CVSS vector.
Denial of service in dhcpcd's IPv6 Neighbor Discovery Router Advertisement parser allows an adjacent unauthenticated attacker to exhaust CPU resources on any host running dhcpcd with IPv6 enabled. The flaw (CWE-835 - infinite loop) arises because a zero-length Neighbor Discovery option passes initial storage validation but is later reparsed without sufficient bounds enforcement, causing the parser to loop indefinitely without advancing. No active exploitation is confirmed (not in CISA KEV), but the adjacent-network attack vector and zero-privilege requirement make this actionable on shared Layer-2 environments such as enterprise Wi-Fi, cloud VLANs, and data-center segments.
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Cross-origin data leakage in Google Chrome prior to 150.0.7871.47 exposes sensitive user data from other origins when a victim visits a specially crafted HTML page that exploits insufficient policy enforcement in the StorageAccessAPI. The API, designed to manage third-party storage access in privacy-restricting browser contexts, fails to enforce cross-origin boundaries correctly, allowing an attacker to read data belonging to unrelated origins. No active exploitation has been confirmed - CVE is absent from CISA KEV, EPSS rates exploitation likelihood at 0.17% (7th percentile), and SSVC classifies exploitation status as none - though the CVSS confidentiality impact is rated High.
UI spoofing in Google Chrome's DevTools component allows an attacker to misrepresent critical interface information to users who have been socially engineered into installing a malicious Chrome Extension. Affected versions are all Chrome releases prior to 150.0.7871.47. The flaw stems from an inappropriate implementation (CWE-451) in DevTools, enabling an extension to manipulate how DevTools renders UI elements - potentially deceiving developers or power users into trusting falsified debugging output or security indicators. No public exploit code has been identified at time of analysis, and this vulnerability is not in the CISA KEV catalog.
UI spoofing in the Glic component of Google Chrome (all versions prior to 150.0.7871.47) enables a remote attacker to misrepresent browser interface elements via a crafted HTML page, provided the victim is socially engineered into performing specific UI gestures. The CVSS vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) assigns high confidentiality impact, suggesting the spoofed UI can be leveraged to elicit disclosure of sensitive information such as credentials or session data. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.
Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.47) lets an attacker who has already compromised the renderer process break out of the renderer sandbox via a crafted HTML page. The flaw is a CWE-787 out-of-bounds read and write; Google's own Chromium team rated the security severity as Low, and there is no public exploit identified at time of analysis. EPSS estimates only a 0.17% (7th percentile) chance of exploitation, and the vulnerability is not listed in CISA KEV.
Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the security sandbox using a crafted HTML page, elevating from a contained renderer to broader host access. Rooted in CWE-669 (incorrect resource transfer between spheres) within Chrome's AI component, it carries a CVSS 8.3 (scope-changed) rating despite Google's own 'Low' Chromium severity, reflecting the fact that it is a second-stage escape rather than a standalone entry point. There is no public exploit identified at time of analysis, EPSS exploitation probability is low (0.17%, 7th percentile), and it is not listed in CISA KEV.
UI spoofing via the Speech component in Google Chrome prior to 150.0.7871.47 requires an attacker to have already compromised the renderer process, making this a chained, second-stage exploit rather than a standalone remote attack. The vulnerability stems from insufficient input validation (CWE-20) in Chrome's Speech subsystem, enabling a renderer-compromised attacker to manipulate browser UI elements through a crafted HTML page. No public exploit code exists, SSVC assessment confirms no active exploitation, and an EPSS score of 0.17% (7th percentile) reflects a very low probability of mass exploitation - consistent with Google's own 'Low' internal severity rating.
Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Type confusion in the CSS processing engine of Google Chrome prior to 150.0.7871.47 enables remote attackers to read potentially sensitive data from renderer process memory by delivering a crafted HTML page to a victim. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms network delivery with no attacker privileges required, though a single user interaction - visiting the malicious page - is necessary. No public exploit code has been identified, CISA SSVC rates exploitation as none at time of analysis, and Chromium's own team classified severity as Low, suggesting limited practical memory disclosure value despite the NVD CVSS C:H rating.
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
Cross-origin data leak in Google Chrome's CSS implementation (versions prior to 150.0.7871.47) enables remote attackers to exfiltrate sensitive data from other origins when a victim visits a specially crafted HTML page. The vulnerability stems from inappropriate CSS handling that creates a side-channel bypassing same-origin policy protections, resulting in high-confidentiality-impact information disclosure with no integrity or availability consequences. No public exploit has been identified and exploitation has not been observed in the wild; CISA SSVC rates exploitation as none and technical impact as partial, aligning with Google's internal Low severity classification despite the NVD CVSS 6.5 score.
Universal Cross-Site Scripting (UXSS) in Google Chrome's CSS implementation prior to 150.0.7871.47 allows a remote attacker to inject arbitrary scripts or HTML by luring a user to a crafted web page, with the scope change (S:C) in the CVSS vector indicating potential Same-Origin Policy bypass affecting other loaded origins. No public exploit or active exploitation is identified at time of analysis - EPSS sits at 0.17% (6th percentile) and SSVC exploitation status is rated 'none.' A vendor-released patch is available in stable channel 150.0.7871.47.
UI spoofing in Google Chrome's Views component (versions prior to 150.0.7871.47) allows a remote attacker to misrepresent security-critical browser interface elements through a crafted HTML page. Exploitation requires convincing a target user to perform specific UI gestures, making the attack conditional on social engineering. No public exploit has been identified and this vulnerability is not listed in the CISA KEV catalog; Google has released a patch as part of the stable channel update.
Incorrect security UI in Passwords in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
UI spoofing in Google Chrome's Extensions implementation (all versions prior to 150.0.7871.47) enables a remote attacker - who has already achieved renderer process compromise via a separate exploit - to render deceptive UI elements through a crafted HTML page, potentially misleading users into unintended interactions. The vulnerability carries a CVSS 5.4 Medium score, though Chromium's internal rating is Low, and the EPSS score of 0.18% (8th percentile) reflects minimal exploitation probability. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis.
Domain spoofing via incorrect security UI in Google Chrome's Document Picture-in-Picture feature on Android (prior to 150.0.7871.47) allows a remote attacker to deceive users about the origin of displayed content. By serving a crafted HTML page, an attacker can cause Chrome on Android to render a misleading security UI - misrepresenting the domain shown to the user. No public exploit has been identified at time of analysis, EPSS sits at 0.18% (8th percentile), and SSVC rates exploitation as none, making this a low operational priority despite its network-accessible attack vector.
Insufficient validation of untrusted input in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
UI spoofing in Google Chrome's TabStrip component prior to version 150.0.7871.47 allows a remote attacker to misrepresent tab or page identity through a crafted HTML page, contingent on convincing the victim to perform specific UI gestures. The CVSS vector (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L) places real-world risk in the lower tier: high attack complexity, mandatory user interaction, and no confidentiality impact combine to limit practical exploitation. No public exploit code exists and CISA has not added this to the KEV catalog, consistent with Google's own Low severity classification.
UI spoofing in Google Chrome's WebAppInstalls component on Windows (versions prior to 150.0.7871.47) enables a remote attacker to misrepresent the browser interface by luring a user into performing specific UI interaction gestures on a crafted HTML page. The flaw is Windows-platform-specific and rooted in an inappropriate implementation of the Progressive Web App installation UI flow. Google rates this Low severity; no public exploit identified at time of analysis, and EPSS data is not present in the provided intelligence, but the CVSS 4.2 score and required high-complexity user interaction significantly limit real-world risk.
UI spoofing in Google Chrome for iOS prior to 150.0.7871.47 allows a remote attacker to manipulate browser interface elements via a crafted HTML page, provided the attacker can lure the victim into performing specific UI gestures. The root cause is insufficient validation of untrusted HTML input (CWE-20) within Chrome's iOS-specific rendering layer, resulting in low-integrity and low-availability impact. No public exploit code has been identified at time of analysis, and this vulnerability has not been added to the CISA KEV catalog; Chromium's own severity classification is Low.
Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
UI spoofing in Google Chrome's Network component (versions prior to 150.0.7871.47) can be triggered by a remote attacker who has already compromised the renderer process, allowing browser UI elements to be faked via a crafted HTML page. This is a chained exploit - not a standalone flaw - requiring both prior renderer compromise and user interaction, which significantly constrains real-world risk. No public exploit code exists and no confirmed active exploitation has been recorded; EPSS at 0.18% (8th percentile) and Chromium's own 'Low' severity rating reinforce this assessment.
Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
UI spoofing via race condition in Google Chrome's History Embeddings component (versions prior to 150.0.7871.47) enables remote attackers to present falsified browser interface elements to users through a crafted HTML page. The flaw requires both high attack complexity - a precisely timed race window - and victim interaction, yielding only limited confidentiality and integrity impact with no code execution capability. No public exploit or active exploitation has been identified; EPSS at 0.14% (4th percentile) and SSVC exploitation status of 'none' confirm extremely low real-world exploitation probability at time of analysis.
UI spoofing in Google Chrome's WebXR component (all versions prior to 150.0.7871.47) allows remote attackers to misrepresent browser interface elements when a victim visits a crafted HTML page. The flaw stems from an inappropriate implementation in the WebXR Device API, enabling manipulation of what the user perceives as trusted UI - potentially obscuring origin indicators, security state, or page identity. No public exploit code exists and EPSS stands at 0.18% (8th percentile); CISA SSVC rates exploitation as none with partial technical impact, placing this firmly in the lower-priority tier despite its network-accessible vector.
UI spoofing in Google Chrome's WebAppInstalls component (prior to 150.0.7871.47) is reachable only after an attacker has already compromised the Chrome renderer process, making this a chained, post-exploitation capability rather than a standalone entry point. With a compromised renderer, the attacker can serve a crafted HTML page that bypasses insufficient input validation in WebAppInstalls to forge Chrome's native UI - potentially deceiving users into trusting malicious web app install prompts or dialogs. No public exploit or active exploitation (CISA KEV) is confirmed; EPSS sits at 0.18% (8th percentile), consistent with the high prerequisite barrier and Chromium's own 'Low' severity rating.
UI spoofing in Google Chrome's Omnibox (address bar) prior to version 150.0.7871.47 allows a remote attacker to misrepresent origin or security indicators to a victim via a crafted HTML page. Rooted in CWE-451 (misrepresentation of critical security information), the flaw can enable phishing or origin-confusion attacks by deceiving users into trusting a false domain indicator. No public exploit code exists, CISA SSVC rates exploitation as none, and the EPSS score of 0.18% (8th percentile) confirms this is low-priority outside phishing-sensitive deployments.
UI spoofing in Google Chrome for Android (prior to 150.0.7871.47) via the PreviewTab feature allows remote attackers to misrepresent interface elements through a crafted HTML page. Successful exploitation requires high attack complexity - specifically, the attacker must convince a victim to perform particular UI gestures - limiting this to targeted rather than opportunistic attacks. No active exploitation or public proof-of-concept has been identified; the Chromium security team rates this as Low severity, consistent with its constrained CVSS 4.2 score.
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Printing in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Domain spoofing in Google Chrome for Android (versions prior to 150.0.7871.47) allows remote attackers to deceive users about the origin of a webpage by exploiting incorrect rendering of security-critical UI elements via a crafted HTML page. User interaction is required - the victim must navigate to the attacker-controlled page - and impact is limited to integrity (UI misrepresentation), with no direct confidentiality or availability consequences. No active exploitation is confirmed (not in CISA KEV) and EPSS of 0.17% at the 7th percentile reflects minimal real-world exploitation activity; Google itself rates this 'Low' severity.
Uninitialized memory use in Chrome's ANGLE graphics layer exposes potentially sensitive process memory contents to remote attackers who can entice a user to visit a crafted HTML page. The flaw affects all Chrome versions prior to 150.0.7871.47, with High confidentiality impact per CVSS despite Google's own Chromium severity rating of Low - a discrepancy suggesting practical extraction of meaningful data is constrained in real-world conditions. No public exploit identified at time of analysis, and no CISA KEV listing; a vendor patch has been released.
OS-level privilege escalation in Google Chrome for Windows before 150.0.7871.47 lets a local attacker leverage an inappropriate implementation in the CredentialProvider component to elevate privileges via a malicious file. Exploitation requires local access plus user interaction (UI:R), and though Google rated the Chromium security severity 'Low', the CVSS 3.1 base score is 7.8 (High) due to full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and the EPSS probability is very low at 0.11% (2nd percentile).
Omnibox (URL bar) spoofing in Google Chrome for iOS prior to 150.0.7871.47 allows a remote attacker to display a fraudulent URL in the browser's address bar by delivering a crafted HTML page. The root cause is classified as CWE-451 (UI Misrepresentation of Critical Information), meaning the security UI fails to accurately reflect the true origin of displayed content - a condition that directly undermines phishing defenses. No public exploit code has been identified at time of analysis, and the EPSS score of 0.18% (8th percentile) indicates very low observed exploitation pressure, consistent with the Chromium team's own 'Low' severity rating.
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
Remote code execution in Google Chrome's Chromoting (Chrome Remote Desktop) component on Linux, fixed in 150.0.7871.47, lets a remote attacker corrupt memory via crafted network traffic and potentially run arbitrary code. The flaw is a CWE-416 use-after-free reported by Google's internal Chrome security team; there is no public exploit identified at time of analysis and it is not in CISA KEV. Note a signal conflict: NVD scores this 9.8 (Critical) while Chromium itself rated the security severity 'Low', and EPSS is only 0.20% (10th percentile).
Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Type confusion in Chrome's Bluetooth stack on Windows (versions prior to 150.0.7871.47) enables an adjacent-network attacker to exfiltrate sensitive data from Chrome process memory by presenting a malicious Bluetooth peripheral. The CVSS 6.5 score reflects high confidentiality impact but no integrity or availability exposure; notably, Chromium's internal security team rated this Low severity, suggesting the memory regions accessible are constrained. No public exploit code and no CISA KEV listing exist at time of analysis, and exploitation is physically bounded by Bluetooth range.
Cross-origin data leak in Google Chrome DevTools prior to version 150.0.7871.47 exposes sensitive information from foreign origins when a victim visits a crafted HTML page and performs attacker-directed UI gestures. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms high confidentiality impact with no integrity or availability consequences. No public exploit identified at time of analysis, and EPSS of 0.18% at the 8th percentile - combined with Chromium's own 'Low' severity classification - signals limited real-world exploitation likelihood despite the Medium NVD score.
Memory disclosure via DevTools in Google Chrome on Windows (prior to 150.0.7871.47) enables a remote attacker to read sensitive process memory contents by delivering a crafted HTML page and manipulating the victim into performing specific UI gestures. The vulnerability is Windows-platform-exclusive and carries a Chromium-internal severity of Low, consistent with SSVC's assessment of no current exploitation and non-automatable delivery. No active exploitation or public exploit code has been identified at time of analysis, though the CVSS C:H rating reflects meaningful confidentiality risk if successfully triggered.
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Privilege escalation in Google Chrome's Cast component before 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to escape renderer-level restrictions and gain higher privileges via a crafted HTML page. Rated Low severity by Chromium despite a 7.5 CVSS, it functions as a second-stage sandbox-escape primitive rather than a standalone initial-access bug. There is no public exploit identified at time of analysis and EPSS is low (0.18%, 8th percentile), indicating minimal near-term mass-exploitation risk.
Inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Low)
Sandbox escape in Google Chrome for Windows before 150.0.7871.47 lets an attacker who has already compromised the renderer process abuse a use-after-free in the Updater component via a crafted HTML page to break out of the browser sandbox. It is a second-stage bug that Chromium rated only Low severity despite the CVSS 9.6 score, with no public exploit identified at time of analysis and a low EPSS probability of 0.18% (8th percentile). Google has shipped a fixed Stable-channel build.
Inappropriate implementation in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low)
Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who has already compromised the renderer process bypass Mojo IPC policy enforcement and break out of the sandbox using a crafted HTML page. This is a second-stage flaw in the Mojo inter-process communication layer rather than an initial-access bug, and Google itself rated the Chromium security severity as Low despite the NVD CVSS of 9.6. No public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile).
Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
Remote code execution in Google Chrome desktop before 150.0.7871.47 stems from a use-after-free in the Scheduling component, letting a remote attacker run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. There is no public exploit identified at time of analysis and the vulnerability is not in CISA KEV; EPSS is low at 0.21% (12th percentile). Google rates the Chromium security severity as Low despite the NVD CVSS of 8.8, reflecting that code execution is confined to the sandbox rather than the host.
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Same-origin-policy bypass in Google Chrome's Speech component before 150.0.7871.47 lets a remote attacker who lures a victim to a crafted HTML page cross origin boundaries via insufficient policy enforcement. No public exploit identified at time of analysis and EPSS is low (0.18%, 8th percentile); notably, Google's own Chromium team rated this Low severity even though NVD scored it CVSS 9.6, a significant conflict defenders should weigh. Requires user interaction (visiting the page) and affects all Chrome desktop builds prior to the fixed stable release.
Sandboxed remote code execution in Google Chrome desktop before 150.0.7871.47 lets a remote attacker run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page, exploiting insufficient input validation in the WebAppInstalls component. Google rates the Chromium severity as Low because execution is contained within the sandbox and no escape is included, and there is no public exploit identified at time of analysis. EPSS is low (0.21%, 12th percentile) and CISA SSVC records exploitation status as none.
Use-after-free in Chrome's SSL handling on ChromeOS exposes process memory contents to remote attackers who can serve a crafted HTML page. Only ChromeOS builds of Chrome prior to 150.0.7871.47 are affected - this is not a cross-platform flaw. SSVC rates exploitation status as none and technical impact as partial, and Chromium's own severity classification is Low, making this a routine patch-cycle priority rather than an emergency response item despite the CVSS 6.5 score.
Heap corruption via use-after-free in Google Chrome's Passwords component affects all desktop builds prior to 150.0.7871.47, letting a remote attacker who lures a victim to a crafted HTML page potentially achieve memory corruption and code execution in the renderer. The CVSS 3.1 vector (8.8) requires user interaction (visiting the page) but no privileges or authentication. No public exploit identified at time of analysis, and the low EPSS score (0.17%, 7th percentile) plus Chromium's own 'Low' severity rating suggest limited real-world exploitation likelihood despite the high CVSS.
Sandbox escape in Google Chrome on macOS before 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the browser sandbox through a crafted HTML page. The root cause is insufficient policy enforcement in Chrome's macOS sandbox (CWE-693). No public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile); Google's own Chromium security team rated the severity 'Low', which conflicts sharply with the CVSS 9.6 assigned by NVD.
Cross-origin data leakage in Google Chrome's NetworkCache component affects all desktop versions prior to 150.0.7871.47, enabling remote attackers to read sensitive cached data belonging to other origins. Exploitation requires a victim to visit a specially crafted HTML page, placing this squarely in the browser-based phishing and malvertising threat model. No public exploit code or active exploitation has been identified; an EPSS score of 0.17% (7th percentile) and Chromium's own Low severity classification indicate low immediate exploitation probability despite the Medium CVSS base score.
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Sandbox escape in Google Chrome on macOS prior to 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the WebAppInstalls component. Chromium rated the underlying issue Low severity even though the CVSS base score is 9.6, and there is no public exploit identified at time of analysis; EPSS is 0.17% (7th percentile). The vulnerability is a second-stage primitive that requires prior renderer code execution, not a standalone drive-by.
Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Sandbox escape in Google Chrome desktop versions prior to 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the browser sandbox and gain code execution on the host via a crafted HTML page. The flaw stems from insufficient policy enforcement in the browser process (CWE-20) and, while carrying a high CVSS base score of 9.6 due to the scope change, was rated only Low severity by Chromium because it is not independently exploitable. No public exploit has been identified and EPSS probability is very low (0.17%, 7th percentile).
Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)
Sandbox escape in Google Chrome's Cast component (versions prior to 150.0.7871.47) lets an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page, exploiting a use-after-free (CWE-416) memory-corruption bug. Google's Chromium team rated the security severity as Low, and while NVD assigns a 9.6 CVSS reflecting full sandbox-escape impact, exploitation is gated behind a pre-existing renderer compromise. No public exploit was identified at time of analysis, EPSS is very low at 0.17% (7th percentile), and there is no CISA KEV listing.
Cross-origin data leakage in Google Chrome prior to 150.0.7871.47 enables an on-path network adversary to bypass Chrome's privacy policy enforcement and observe data belonging to a different origin via crafted malicious network traffic. The flaw is classified as CWE-693 (Protection Mechanism Failure), indicating Chrome's privacy isolation layer fails to correctly enforce cross-origin restrictions under certain network conditions. EPSS sits at 0.11% (2nd percentile), no public exploit code is known, and the vulnerability has not been added to CISA KEV; Chromium itself rates this Low severity.
Use after free in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
Out-of-bounds memory read in the CameraCapture component of Google Chrome on ChromeOS (versions prior to 150.0.7871.47) lets a remote attacker leak adjacent process memory when a victim opens a crafted HTML page. No public exploit identified at time of analysis, and EPSS is low (0.17%), but the flaw is marked automatable by CISA SSVC. Note a signal conflict: the NVD CVSS is 8.1 (high) while Google rates the Chromium security severity as Low.
UI spoofing in Google Chrome's PopupBlocker component (all versions prior to 150.0.7871.47) enables a remote attacker who has already compromised the Chrome renderer process to manipulate browser UI elements through a crafted HTML page. The integrity impact is limited to UI deception - no code execution, credential theft, or availability impact is possible through this flaw alone. EPSS at 0.17% (7th percentile) and Chromium's own 'Low' severity rating align with the constrained exploit chain; no public exploit or CISA KEV listing exists at time of analysis.
Uninitialized memory read in the Canvas API of Google Chrome on Android (prior to 150.0.7871.47) exposes potentially sensitive process memory contents to remote attackers. Exploitation requires luring a target to a crafted HTML page, after which the uninitialized Canvas buffer may leak memory from the renderer process. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; Chromium's own security team rates severity as Low despite the NVD CVSS score of 6.5.
Heap corruption in Google Chrome's WebNN (Web Neural Network API) implementation on Windows, fixed in 150.0.7871.47, lets an attacker who has already compromised the renderer process trigger a heap buffer overflow via a crafted HTML page and potentially escalate beyond the sandbox. Chromium's own security team rated this Low severity, while NVD scores it 8.8; EPSS is low at 0.19% (9th percentile) and there is no public exploit identified at time of analysis. It is not listed in CISA KEV and SSVC records exploitation status as none.
Remote code execution in Google Chrome desktop versions prior to 150.0.7871.47 stems from insufficient policy enforcement in the WebHID component, letting a remote attacker who lures a victim to a crafted HTML page break out of intended HID access controls and run arbitrary code. Exploitation requires user interaction (visiting a malicious page) but no authentication, and no public exploit has been identified at time of analysis; EPSS is low at 0.21% (12th percentile). Notably, Google rates the Chromium security severity as 'Low' while the NVD-style CVSS is 8.8, a discrepancy worth weighing when prioritizing.
CSS side-channel information leakage in Google Chrome prior to 150.0.7871.47 enables remote attackers to exfiltrate cross-origin data by luring victims to a crafted HTML page. The CVSS vector rates confidentiality impact as High (C:H) with network access and no authentication required from the attacker, though user interaction is necessary. Despite the NVD Medium score of 6.5, Google's internal Chromium severity rating is Low, EPSS sits at just 0.17% (7th percentile), there is no KEV listing, and no public exploit has been identified at time of analysis - signals that collectively indicate limited real-world exploitability.
Heap corruption in the Chromoting (Chrome Remote Desktop) component of Google Chrome before 150.0.7871.47 lets a remote attacker deliver malicious network traffic to a victim's active remote session, potentially corrupting heap memory and enabling arbitrary code execution in the browser process. All desktop Chrome installs using Chrome Remote Desktop below the fixed build are affected. There is no public exploit identified at time of analysis, and CISA SSVC records exploitation as none; EPSS is low at 0.16% (6th percentile), so this is a patch-during-normal-cycle item rather than an emergency.
Universal Cross-Site Scripting (UXSS) in Google Chrome before 150.0.7871.47 enables remote attackers to inject arbitrary scripts or HTML across security origins by serving a crafted HTML page to a victim user. The flaw stems from insufficient input validation in Chrome's HTML handling (CWE-20), and its Scope:Changed CVSS metric confirms the core danger: injected scripts escape the attacker-controlled origin and execute in the context of other web origins, undermining the browser's same-origin policy. No public exploit code or CISA KEV listing is identified at time of analysis; EPSS stands at 0.18% (8th percentile), consistent with the vendor's own 'Low' Chromium severity classification despite a NVD CVSS score of 6.1.
Cross-origin data leakage in Google Chrome's Storage component prior to version 150.0.7871.47 enables remote attackers to read data belonging to a different origin by exploiting a race condition triggered via a crafted HTML page. The Chromium security team internally rated this as Low severity - a notable contrast to the CVSS 6.5 score reflecting High confidentiality impact - suggesting the practical exploitation window or data exposure scope is constrained in real-world conditions. No public exploit has been identified at time of analysis, and EPSS at 0.14% (4th percentile) confirms negligible observed exploitation activity.
Insufficient policy enforcement in Chrome's DevTools component allows a crafted malicious extension to read potentially sensitive data from process memory. Affected versions are all Google Chrome releases prior to 150.0.7871.47 on desktop platforms. An attacker must first persuade a victim to install the malicious extension, after which the extension can silently extract in-memory data - including session tokens, credentials, or page content resident in the Chrome process - without triggering further user interaction. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Navigation restriction bypass in Google Chrome for Android (prior to 150.0.7871.47) allows a remote attacker to circumvent browser navigation controls through crafted malicious network traffic targeting the TabSwitcher component. The flaw stems from insufficient input validation (CWE-20) in the tab management UI and requires user interaction to trigger, limiting its practical reach. With an EPSS score of 0.17% (7th percentile), no public exploit code, no CISA KEV listing, and Chromium's own internal severity rating of Low, real-world exploitation risk is minimal despite network reachability.
Same-origin policy bypass in Google Chrome's Network component (versions prior to 150.0.7871.47) allows a remote attacker to violate cross-origin isolation by delivering a crafted HTML page to a victim. The flaw, rooted in CWE-346 (Origin Validation Error), enables unauthorized cross-origin integrity impacts - an attacker can cause a browser to act on or submit data across origin boundaries it should enforce. With an EPSS of 0.18% at the 8th percentile, no CISA KEV listing, and no public exploit identified, active exploitation risk is low at this time, though Chrome's ubiquitous deployment ensures broad attack surface if exploitation techniques mature.
Privilege escalation in Google Chrome's WebRTC component (versions prior to 150.0.7871.47) allows a remote attacker to escape normal renderer restrictions when a victim opens a crafted HTML page, per the CVSS vector achieving high confidentiality, integrity, and availability impact. Exploitation requires user interaction (visiting a malicious page) but no prior authentication. There is no public exploit identified at time of analysis, and the EPSS score is low (0.17%, 7th percentile); notably, Google/Chromium rated this 'Low' severity while the NVD CVSS is 8.8 (High), a discrepancy defenders should weigh.
Inappropriate implementation in Select in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Content Security Policy bypass in Google Chrome prior to 150.0.7871.47 allows a remote attacker to circumvent network-level policy enforcement by delivering a crafted HTML page to a victim. The Chrome security team internally rated this as Low severity, consistent with the CVSS 4.3 score and an impact limited to integrity (I:L) with no confidentiality or availability consequences. No public exploit code or active exploitation has been identified; EPSS places this in the 8th percentile of exploitation likelihood.
No-referrer policy bypass in Google Chrome for iOS prior to 150.0.7871.47 allows a remote attacker to capture referrer URL information that the browser was supposed to suppress. Exploitation requires user interaction - the victim must visit a crafted HTML page served by the attacker - and exploits a client-side enforcement gap (CWE-602) specific to the iOS build of Chrome. EPSS is 0.19% (9th percentile) and no active exploitation or KEV listing exists, consistent with the Low Chromium severity rating.
Side-channel information leakage in the WebAuthentication component of Google Chrome on iOS (prior to 150.0.7871.47) exposes cross-origin data to remote attackers via a crafted HTML page, requiring only that a victim visit attacker-controlled content. The CVSS Confidentiality:High rating reflects the category of cross-origin data exposure, while Chromium's own internal severity classification of Low and an EPSS score of 0.21% (11th percentile) both signal that practical exploitation is considered unlikely at scale. No public exploit is identified at time of analysis and no CISA KEV listing exists.
Navigation restriction bypass in Google Chrome's WebXR component affects all versions prior to 150.0.7871.47, exploitable by a remote unauthenticated attacker who can induce a user to visit a crafted HTML page. The root cause is insufficient input validation (CWE-20) within the WebXR subsystem, resulting in limited integrity impact via unauthorized navigation. No public exploit exists and EPSS sits at 0.18% (8th percentile), consistent with the Chromium team's own Low severity classification - this represents a genuine but low-priority risk.
Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Side-channel information leakage via the WebAudio API in Google Chrome prior to 150.0.7871.47 enables a remote attacker to extract cross-origin data from a victim's browser session through a crafted HTML page. The vulnerability abuses WebAudio's timing or spectral measurement capabilities to infer data that should be isolated by the Same-Origin Policy, exposing potentially sensitive cross-origin resources. No active exploitation has been confirmed (absent from CISA KEV), and the EPSS score of 0.17% at the 7th percentile reflects very low current exploitation probability; Chromium's own team rated the severity as Low despite the NVD's Medium (6.5) CVSS assignment.
Integer overflow in Chrome's WebNN (Web Neural Network API) component prior to version 150.0.7871.47 enables remote attackers to read potentially sensitive data from browser process memory by luring a user to a crafted HTML page. The attack requires no privileges and no special configuration, but mandates user interaction - the victim must navigate to a malicious page. No public exploit identified at time of analysis; CISA SSVC rates exploitation as none with partial technical impact, and Google itself assigned a Low Chromium severity, suggesting real-world impact is constrained by browser sandboxing despite the CVSS C:H rating.
Integer overflow in the WebNN component of Google Chrome prior to 150.0.7871.47 allows an unauthenticated remote attacker to read potentially sensitive data from Chrome's process memory. Exploitation requires convincing a victim to visit a crafted HTML page, placing this in the class of user-interaction-dependent browser memory disclosure vulnerabilities. No public exploit code exists and CISA has not listed this in KEV; SSVC rates exploitation as 'none' and Chromium's own triage assigns 'Low' severity, suggesting the disclosed memory is constrained in practice.
Universal Cross-Site Scripting (UXSS) in Chrome's Omnibox on iOS enables remote attackers to inject arbitrary scripts or HTML across security origins by luring users into performing specific UI gestures on a crafted page. Affected versions are Chrome for iOS prior to 150.0.7871.47; the desktop channel is not affected. No public exploit code or active exploitation has been identified at time of analysis, and EPSS sits at 0.18% (8th percentile), consistent with Chromium's own 'Low' severity rating despite the scope-changed CVSS vector.