Suse
Monthly
UI spoofing in Google Chrome prior to 150.0.7871.47 allows a remote attacker to visually deceive users by misrepresenting browser UI elements through a crafted HTML page that requires the victim to perform specific interaction gestures. The flaw originates in an inappropriate implementation within Chrome's UI layer (CWE-451), enabling misrepresentation of critical information that could mislead users into unintended actions or false security assumptions. No public exploit code has been identified and the vulnerability is absent from CISA KEV; Google has released a fix in Chrome 150.0.7871.47.
UI spoofing in Google Chrome's Paint component prior to version 150.0.7871.47 allows a remote, unauthenticated attacker to misrepresent critical interface elements by delivering a crafted HTML page to a victim. The root cause is an inappropriate implementation in the Paint rendering subsystem (CWE-451), enabling visual deception that could facilitate phishing or credential theft. No public exploit code has been identified and CISA SSVC rates exploitation as none, placing real-world risk well below what the network-reachable attack vector might imply.
Uninitialized memory read in Skia, Chrome's 2D graphics library, exposes process memory contents to an attacker who has already compromised the renderer process by delivering a crafted HTML page. Affected are all Chrome desktop installations prior to 150.0.7871.47; the confidentiality impact is scoped to renderer process memory, which may contain session tokens, DOM content, or cached credentials. No public exploit code and no CISA KEV listing have been identified at time of analysis; the CVSS Medium score of 5.3 reflects the high attack complexity imposed by the renderer pre-compromise prerequisite.
Uninitialized memory exposure in Google Chrome's Media component allows a remote attacker who has already compromised the renderer process to read potentially sensitive data from process memory by serving a crafted HTML page. Affected versions are all Chrome releases prior to 150.0.7871.47, across desktop platforms. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; exploitation requires a chained renderer compromise, significantly constraining real-world risk despite the high confidentiality impact rating.
Uninitialized memory exposure in the UI layer of Google Chrome on Android (prior to 150.0.7871.47) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by serving a crafted HTML page. The vulnerability is CWE-457 (use of uninitialized variable) and is scoped to the Android platform only. No public exploit code or active exploitation has been identified at time of analysis; a vendor patch has been released.
Arbitrary code execution in Google Chrome's DevTools component (versions prior to 150.0.7871.47) lets a remote attacker run code inside the renderer sandbox after luring a victim into performing specific UI gestures with a malicious file. Rated Medium by Chromium but scored CVSS 7.5, the flaw stems from insufficient validation of untrusted input (CWE-20); no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.24% (15th percentile).
Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.47) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. Exploitation requires user interaction (visiting a malicious page) but no authentication, and the flaw carries a CVSS 8.8 with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and EPSS is low (0.30%, 22nd percentile), indicating no evidence of widespread exploitation despite the high CVSS.
Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Oilpan in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Navigation restriction bypass in Google Chrome's WebView component on Android (all versions prior to 150.0.7871.47) allows remote unauthenticated attackers to circumvent enforcement of navigation policies via a specially crafted HTML page, producing high integrity impact with no confidentiality or availability consequence. The CVSS vector (PR:N, UI:R) confirms unauthenticated network exploitation gated on victim interaction, consistent with a social-engineering or malicious-redirect delivery. No public exploit exists and CISA has not added this to KEV; EPSS of 0.22% (13th percentile) and SSVC Exploitation:none collectively indicate low active exploitation probability at time of analysis.
Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Process memory disclosure in Google Chrome DevTools on Windows (versions prior to 150.0.7871.47) allows a remote attacker to read potentially sensitive data from browser process memory by serving a crafted HTML page and convincing a user to perform specific UI gestures. The flaw stems from insufficient input validation (CWE-20) within the DevTools subsystem and is limited to the Windows platform. No public exploit code or CISA KEV listing has been identified at time of analysis, but the confidentiality impact is rated High by NVD.
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Insufficient validation of untrusted input in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Uninitialized memory use in the codec subsystem of Google Chrome on Windows exposes potentially sensitive process memory contents to remote attackers via a crafted HTML page. All Chrome for Windows releases prior to 150.0.7871.47 are affected; the flaw is platform-specific and does not affect Chrome on Linux, macOS, or mobile. No public exploit code has been identified and this vulnerability is absent from the CISA KEV catalog, though the CVSS C:H rating reflects meaningful confidentiality risk, and the uninitialized read could serve as a precursor step toward ASLR bypass in a chained attack.
Incorrect security UI in Google Chrome's Extensions subsystem prior to version 150.0.7871.47 enables Universal Cross-Site Scripting (UXSS), allowing script or HTML injection across web origins via a crafted HTML page. Exploitation requires that the victim user be socially engineered into installing a malicious extension, after which a crafted page triggers the CWE-79 flaw in the Extensions UI. No public exploit exists at time of analysis, EPSS sits at the 4th percentile, and CISA has not listed this in KEV, consistent with the SSVC exploitation:none assessment.
UI spoofing in Google Chrome's PageInfo component (all versions prior to 150.0.7871.47) enables remote attackers to misrepresent the browser's security indicators through a crafted HTML page that induces specific user UI gestures. The flaw (CWE-451) causes the PageInfo panel - the panel users consult to evaluate site trustworthiness - to render incorrect security UI, potentially deceiving victims into trusting malicious or unverified origins. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog; exploitation requires high attack complexity and deliberate user interaction, keeping real-world risk moderate despite the ubiquitous deployment footprint of Chrome.
Insufficient XML policy enforcement in Google Chrome on Android (prior to 150.0.7871.47) exposes process memory contents to remote attackers who can deliver a crafted HTML page. The flaw is classified under CWE-284 (Improper Access Control), allowing the browser's XML handling to bypass intended isolation boundaries and leak potentially sensitive in-process data - such as cookies, credentials, or other runtime state - to an attacker-controlled origin. No active exploitation is confirmed in CISA KEV and no public proof-of-concept has been identified at time of analysis, though the CVSS score of 6.5 (Medium) reflects meaningful real-world risk given the zero-authentication, high-confidentiality-impact profile.
Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Cross-origin data leakage in Google Chrome's PerformanceAPI implementation (versions prior to 150.0.7871.47) allows a remote unauthenticated attacker to infer sensitive data from other browser origins by luring a victim to visit a crafted HTML page. The flaw exploits timing measurements exposed by the Performance API to create a side-channel that bypasses the Same-Origin Policy for limited data reads. No public exploit code or active exploitation (CISA KEV) has been identified; EPSS probability stands at 0.21% (11th percentile), consistent with SSVC's 'exploitation: none' assessment.
Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the renderer sandbox by abusing insufficient policy enforcement in the browser's USB (WebUSB) handling, delivered through a crafted HTML page. The flaw is rated Medium by Chromium but carries a high CVSS (8.3) due to the scope change from renderer to browser process; EPSS is low (0.21%, 11th percentile) and there is no public exploit identified at time of analysis. A vendor patch is available in the June 2026 Stable channel update.
Uninitialized GPU memory use in Google Chrome prior to 150.0.7871.47 enables a remote attacker who has already compromised the renderer process to read sensitive data from GPU process memory by delivering a crafted HTML page. This is a second-stage information disclosure primitive - exploitation is contingent on a prior renderer compromise, making it a component of a multi-vulnerability attack chain rather than a standalone critical issue. No public exploit code or CISA KEV listing has been identified at time of analysis; Google has released a patched stable channel build (150.0.7871.47).
Insufficient policy enforcement in the Payments component of Google Chrome on Android prior to 150.0.7871.47 exposes potentially sensitive data from process memory to remote attackers. Exploitation requires a victim to visit a specially crafted HTML page, making this a user-interaction-dependent, network-delivered information disclosure. No active exploitation is confirmed (SSVC: Exploitation: none; not listed in CISA KEV), and no public exploit code has been identified at time of analysis, though the CVSS confidentiality impact is rated High due to the potential for process memory leakage.
Uninitialized memory read in Google Chrome's XR (Extended Reality/WebXR) subsystem exposes process memory to a remote attacker who has already achieved renderer process compromise. Affected versions are all Chrome releases prior to 150.0.7871.47. This is a second-stage, chained vulnerability - an attacker leverages a crafted HTML page to trigger the uninitialized read and extract sensitive data from process memory, but only after separately exploiting a renderer process escape. No public exploit code or CISA KEV listing has been identified at time of analysis.
Cross-origin data leakage in Google Chrome on iOS (prior to 150.0.7871.47) stems from an inappropriate implementation in the ScriptInjections subsystem, exploitable by a remote attacker who can lure a victim to a crafted HTML page. The flaw allows the attacker's origin to read data belonging to a different, protected origin - a fundamental violation of the Same-Origin Policy on Apple's iOS platform. No public exploit code has been identified at time of analysis, EPSS places exploitation probability at 0.22% (13th percentile), and SSVC signals no observed active exploitation, making this a medium-priority patch item despite its cross-origin impact.
Uninitialized memory use in Chrome's CSS engine on Android exposes potentially sensitive process memory contents to remote attackers via a crafted HTML page. Unauthenticated remote attackers can trigger this information leak against any Android Chrome user who visits attacker-controlled content (CVSS PR:N, UI:R), with high confidentiality impact per the CVSS vector. Notably, Chromium's internal severity rating is Medium despite the C:H CVSS impact, suggesting reliable extraction of useful sensitive data may be inconsistent in practice; no public exploit code or CISA KEV listing exists at time of analysis.
Inappropriate implementation in SiteSettings in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Uninitialized memory exposure in Google Chrome's Cast component prior to 150.0.7871.47 allows an unauthenticated attacker on the same local network segment to leak sensitive contents from the browser's process memory via malicious Cast protocol traffic. The root cause is CWE-457 (Use of Uninitialized Variable): memory allocated for Cast operations is not zeroed before use, allowing residual in-memory data - potentially including credentials, session tokens, or cached page content - to be disclosed in responses to crafted network input. No public exploit has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis; Google has released a patched build.
Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Memory disclosure in Google Chrome's Passwords component on Android prior to 150.0.7871.47 allows a remote attacker to extract potentially sensitive information from process memory. Exploitation requires luring a target user to visit a specially crafted HTML page, placing this squarely in the social-engineering-assisted drive-by category. No public exploit code has been identified at time of analysis, but the high confidentiality impact (C:H in CVSS) indicates meaningful credential exposure risk given Chrome's role as a primary password manager on Android devices.
Side-channel information leakage in ComputePressure in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Insufficient policy enforcement in Chrome's built-in Passwords subsystem (prior to 150.0.7871.47) allows a remote attacker who has already compromised the renderer process to read potentially sensitive credential data from process memory via a crafted HTML page. This is a second-stage, chained information-disclosure flaw - not a standalone exploit - that bypasses Chrome's inter-process access boundaries to reach password manager data. No public exploit code has been identified at time of analysis, and a vendor patch is confirmed available in Chrome 150.0.7871.47.
Cross-origin data exfiltration in Google Chrome's Sharing feature on Android exposes sensitive page content to remote attackers who have already compromised the renderer process, exploitable via a crafted HTML page. All Chrome for Android builds prior to 150.0.7871.47 are affected; the fixed release is confirmed by Google's stable channel advisory. EPSS of 0.21% (11th percentile) and absence from CISA KEV indicate negligible observed exploitation pressure at time of analysis, though the high confidentiality impact and ubiquitous deployment of Chrome on Android make patching a clear priority.
UI spoofing in Google Chrome on Windows (prior to 150.0.7871.47) allows a remote attacker who has already compromised the renderer process to manipulate the browser interface via a specially crafted HTML page, potentially deceiving users into interacting with falsified content or controls. The vulnerability stems from an inappropriate implementation in the Media component and is classified as medium severity (CVSS 6.5). No public exploit code or active exploitation has been identified - EPSS sits at the 11th percentile (0.21%) and no CISA KEV listing exists - and a vendor patch is confirmed available in Chrome 150.0.7871.47.
Navigation restriction bypass in Google Chrome prior to version 150.0.7871.47 enables remote attackers to circumvent browser policy enforcement via a crafted HTML page targeting the 'Actor' component. The flaw is rooted in CWE-602 (Client-Side Enforcement of Server-Side Security), where controls that should be authoritative are applied within the browser and can be subverted by an adversary-controlled page. EPSS at 0.22% (13th percentile) indicates low current exploitation probability, no public exploit code has been identified, and the vulnerability is not listed in CISA KEV; no public exploit identified at time of analysis.
Navigation restriction bypass in Google Chrome's DevTools component on Android (all versions prior to 150.0.7871.47) allows a local attacker to circumvent policy-enforced browsing controls by delivering a crafted malicious file. The vulnerability is confined to Android - desktop Chrome is not in scope - and requires user interaction with the malicious file, substantially narrowing the realistic attack surface. No public exploit code exists and no active exploitation has been confirmed; an EPSS score of 0.14% (3rd percentile) corroborates low real-world exploitation probability at time of analysis.
Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Insufficient validation of untrusted input in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
Navigation restriction bypass in Google Chrome prior to 150.0.7871.47 enables a remote attacker who has already compromised the renderer process to circumvent Chrome's network navigation controls via a crafted HTML page. The vulnerability stems from CWE-20 (Improper Input Validation) in Chrome's Network component, producing a high-integrity impact with no confidentiality or availability loss. No public exploit code has been identified at time of analysis, and EPSS at 0.22% (13th percentile) places exploitation likelihood well below the median, though the pre-compromised renderer prerequisite makes this a chained attack vector relevant primarily within multi-stage browser exploitation chains.
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)
Same-origin policy bypass in Google Chrome's WebView component on Android enables a remote attacker who has already compromised the renderer process to perform cross-origin integrity violations by serving a crafted HTML page. Affected versions are all Chrome for Android releases prior to 150.0.7871.47. This is explicitly a chained attack requiring a pre-existing renderer compromise, making it a second-stage exploit rather than a standalone entry point. No public exploit code exists and no public exploitation has been confirmed at time of analysis.
Uninitialized GPU memory use in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to read potentially sensitive data from process memory by luring a user to a crafted HTML page. The flaw (CWE-457) is confined to the Android GPU code path and requires only user interaction to trigger, with CVSS confirming unauthenticated network delivery and High confidentiality impact. No public exploit code or active exploitation via CISA KEV has been identified at time of analysis; Google has released a fix in stable channel version 150.0.7871.47.
Side-channel cross-origin data leakage in Google Chrome's Paint rendering component (all versions prior to 150.0.7871.47) allows remote attackers to infer sensitive content belonging to other origins by enticing a victim to visit a crafted HTML page. The vulnerability exploits a weakness in the Paint subsystem's rendering pipeline (CWE-1300: Improper Protection of Physical Side Channels), enabling an attacker page to observe rendering state or timing variations and reconstruct protected cross-origin data. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; EPSS probability is low at 0.21% (11th percentile). Vendor-released patch is available in Chrome 150.0.7871.47.
Same-origin policy bypass in Google Chrome's DeviceBoundSessionCredentials component allows remote attackers to violate cross-origin isolation guarantees via a crafted HTML page. Affected are all Chrome desktop releases prior to 150.0.7871.47 on all supported platforms. Exploitation requires user interaction (visiting an attacker-controlled page) and yields high integrity impact - enabling cross-origin state manipulation - with no confidentiality or availability consequence. No active exploitation is confirmed (not in CISA KEV), EPSS is low at 0.22% (13th percentile), and SSVC rates exploitation as none with partial technical impact; a vendor patch is available.
Sandbox escape in Google Chrome on Windows before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the browser sandbox by serving a crafted HTML page that abuses insufficient input validation in the Media component. Google rates the Chromium security severity as Medium and a fix is shipped in the stable channel, but no public exploit has been identified and EPSS exploitation probability is low at 0.21%. The high 9.6 CVSS reflects the total system compromise possible once chained, not standalone exploitability.
Site isolation bypass in Google Chrome prior to 150.0.7871.47 enables a remote attacker who has already compromised the renderer process to circumvent extension policy enforcement and escape site isolation boundaries via a crafted HTML page. The root cause (CWE-602) is client-side enforcement of security policies in the Extensions subsystem that can be subverted once the renderer is under attacker control. No active exploitation has been confirmed - EPSS is 0.22% (13th percentile), SSVC rates exploitation as none and the attack as non-automatable - and a vendor-released patch is available in Chrome 150.0.7871.47.
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Navigation restriction bypass in Google Chrome for iOS (prior to 150.0.7871.47) allows a remote attacker to subvert browser-enforced navigation controls by luring a user into performing specific UI gestures on a crafted HTML page. Classified as CWE-20 (Improper Input Validation), the flaw undermines integrity by permitting unauthorized navigation that the browser is intended to block. No public exploit code exists and EPSS sits at 0.22% (13th percentile), indicating low observed exploitation probability; the vulnerability is not listed in CISA KEV.
UI spoofing in Google Chrome for iOS prior to version 150.0.7871.47 allows a remote attacker to misrepresent browser interface elements - such as the address bar or origin indicators - by serving a crafted HTML page, potentially deceiving users into trusting malicious content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) confirms network-reachable exploitation with no privilege requirement but mandatory user interaction, limiting impact to partial integrity loss with no confidentiality or availability effect. No public exploit or active exploitation has been identified; an EPSS score of 0.21% at the 11th percentile indicates very low current exploitation probability, and this vulnerability does not appear in the CISA KEV catalog.
Heap corruption in Google Chrome for iOS before 150.0.7871.47 lets a remote attacker who lures a user through specific in-page UI gestures on a crafted HTML page trigger a use-after-free (CWE-416), potentially leading to arbitrary code execution in the renderer. Rated Medium by the Chromium security team but scored CVSS 8.8 due to full confidentiality/integrity/availability impact; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS is low at 0.21% (11th percentile), consistent with a freshly patched browser bug that has no known weaponization.
Chrome's built-in Passwords subsystem on macOS leaks sensitive process memory contents when a malicious file is processed, potentially exposing stored credentials or authentication tokens to a local attacker. All Google Chrome releases for Mac prior to 150.0.7871.47 are affected. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in CISA KEV; however, the confidentiality impact is rated High given the nature of the data at risk within the Passwords feature.
Cross-origin data leakage in Google Chrome's Autofill subsystem on iOS (versions prior to 150.0.7871.47) enables remote attackers to read sensitive data across origin boundaries by luring victims into performing specific UI gestures on a crafted page. Rooted in CWE-346 (Origin Validation Error), the Autofill policy enforcement layer fails to maintain proper origin isolation under targeted interaction conditions. With an EPSS of 0.21% (11th percentile) and no CISA KEV listing, no public exploit identified at time of analysis, though the CVSS-rated High confidentiality impact warrants prompt patching given Chrome's broad iOS deployment footprint.
UI spoofing in Google Chrome's Safe Browsing component on iOS enables remote attackers to mislead users through a crafted HTML page, potentially causing them to dismiss or misinterpret security warnings. Only Chrome for iOS versions prior to 150.0.7871.47 are affected; the desktop channel is not impacted by this specific flaw. No public exploit code exists and exploitation probability is very low (EPSS 0.21%, 11th percentile), though the network-accessible, zero-authentication attack surface keeps it relevant where phishing-style delivery is feasible.
Insufficient policy enforcement in the Spellcheck component of Google Chrome prior to 150.0.7871.47 exposes process memory to attackers who have already achieved renderer process compromise. The vulnerability enables a second-stage information disclosure step in a chained attack: after compromising the renderer, the attacker serves a crafted HTML page that exploits the Spellcheck policy gap to read potentially sensitive data from memory. No public exploit code or active exploitation via CISA KEV has been identified at time of analysis; Google has released a fix in the stable channel update.
Cross-origin data leakage in the WebXR implementation of Google Chrome on Android (versions prior to 150.0.7871.47) allows remote unauthenticated attackers to exfiltrate sensitive cross-origin information by enticing a victim to visit a crafted HTML page. The flaw is rooted in CWE-693 (Protection Mechanism Failure), where WebXR fails to enforce cross-origin isolation policies on Android specifically. No public exploit code has been identified and EPSS sits at 0.21% (11th percentile), indicating low observed exploitation probability; the vulnerability is not listed in the CISA KEV catalog.
Sandbox escape in Google Chrome DevTools before 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page, stemming from insufficient policy enforcement (CWE-693). NVD scores this 9.6 with a scope-change vector, though Google rates the Chromium severity only Medium and it is a second-stage bug requiring prior renderer compromise. No public exploit has been identified at time of analysis and EPSS is low (0.21%), consistent with a chained rather than standalone threat.
Navigation restriction bypass in Google Chrome's Omnibox on iOS (prior to 150.0.7871.47) enables a remote attacker to circumvent address bar security controls through insufficient input validation, contingent on user interaction with specific UI gestures during exposure to malicious network traffic. The integrity impact is rated High (I:H) with no confidentiality or availability impact, consistent with a content/navigation spoofing class of vulnerability. No public exploit code or CISA KEV listing has been identified; EPSS score of 0.20% (10th percentile) indicates low observed exploitation probability at time of analysis.
UI spoofing in Google Chrome's iOSWeb component on iOS allows remote attackers to misrepresent interface elements to users running versions prior to 150.0.7871.47. The vulnerability, rooted in an inappropriate implementation (CWE-451), is triggered when a user performs specific UI gestures on a crafted HTML page, enabling spoofing of security-critical browser interface elements such as the address bar or permission dialogs. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis; the high attack complexity and mandatory user interaction meaningfully constrain real-world risk.
Out-of-bounds read in Google Chrome's Codecs component (prior to 150.0.7871.47) enables remote attackers to leak sensitive data from renderer process memory by delivering a crafted HTML page. The CVSS C:H rating reflects meaningful exposure of in-process data such as session tokens or credentials, though Chromium's own team assessed this as Medium severity, and the sandbox boundary (S:U) limits blast radius to the renderer. No public exploit code and no CISA KEV listing have been identified at time of analysis.
Race condition exploitation in Google Chrome for iOS (prior to 150.0.7871.47) exposes potentially sensitive data from process memory to a local attacker with physical device access. The flaw is rooted in improper synchronization (CWE-362) and requires high attack complexity to successfully win the timing window. No public exploit has been identified and the vulnerability is not listed in CISA KEV; the vendor has released a patching fix in the 150.0.7871.47 stable channel update.
Navigation restriction bypass in Google Chrome's Safe Browsing implementation on iOS allows a remote, unauthenticated attacker to circumvent phishing and malicious-site protections via a specially crafted HTML page, affecting all Chrome for iOS versions prior to 150.0.7871.47. The flaw is classified as CWE-693 (Protection Mechanism Failure), meaning the Safe Browsing guard can be rendered ineffective rather than defeated through cryptographic or authentication means. No public exploit or CISA KEV listing has been identified, and the EPSS score of 0.23% (14th percentile) signals low current exploitation probability - but the zero-prerequisite network delivery and high integrity impact make this a meaningful risk for iOS users who have not updated.
Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
UI spoofing in Google Chrome for iOS prior to version 150.0.7871.47 enables remote attackers to misrepresent browser interface elements - such as address bars or security indicators - by delivering a crafted HTML page to a victim on an iOS device. Rooted in CWE-451 (UI Misrepresentation of Critical Information), the flaw exploits an inappropriate implementation specific to Chrome's iOS code path, which differs from desktop Chrome due to WKWebView constraints imposed by Apple. No public exploit code exists, CISA SSVC rates exploitation as none, and EPSS sits at the 12th percentile, indicating minimal real-world threat at time of analysis.
Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who already controls a compromised renderer process break out of the browser sandbox through insufficient policy enforcement in the Web Serial API, using a crafted HTML page. Google rated the underlying Chromium bug Medium severity even though NVD assigns a 9.6 CVSS due to the scope-changing impact. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.22%, 12th percentile).
Navigation restriction bypass in Google Chrome's Chromecast implementation (versions prior to 150.0.7871.47) allows a remote attacker who has already compromised the renderer process to circumvent navigation restrictions via a specially crafted HTML page. This is a post-compromise escalation primitive rather than a standalone entry point - the renderer must already be under attacker control, making this a link in an exploit chain rather than an initial access vector. No public exploit has been identified at time of analysis; EPSS at 0.23% (14th percentile) reflects very low observed exploitation probability, consistent with the chained-exploit requirement.
Use after free in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Sandboxed remote code execution in Google Chrome's Cast Receiver component affects all desktop builds prior to 150.0.7871.47, where a use-after-free (CWE-416) can be triggered by luring a victim to a crafted HTML page. Google rates the Chromium severity as Medium because the resulting code execution is confined to the browser sandbox, though NVD scores it CVSS 8.8; there is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.27% (18th percentile).
Insufficient policy enforcement in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Navigation restriction bypass in Google Chrome's Glic feature (versions prior to 150.0.7871.47) enables remote attackers to circumvent policy enforcement controls by delivering a crafted HTML page that triggers insufficient validation logic. The flaw maps to CWE-602, meaning security enforcement intended to be authoritative is implemented client-side in a bypassable manner, resulting in high integrity impact with no confidentiality or availability consequence. No public exploit or active exploitation has been identified at time of analysis, and EPSS at 0.22% (13th percentile) reflects low current exploitation probability.
UI spoofing via Chrome's Autofill component affects all desktop installations prior to version 150.0.7871.47, enabling a remote attacker to misrepresent interface elements through a crafted HTML page. Exploitation requires both navigating to an attacker-controlled page and performing specific UI gestures, reflected in CVSS AC:H and UI:R - passive browsing is insufficient. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; the CVSS 4.2 Medium score reflects limited integrity and availability impact with no confidentiality loss.
Navigation restriction bypass in Google Chrome prior to 150.0.7871.47 enables a network-positioned attacker to circumvent browser-enforced navigation policies via a crafted HTML page. The attacker must occupy a privileged network position (e.g., man-in-the-middle) and requires user interaction with the malicious page, per the CVSS UI:R and the description's explicit network-position prerequisite. With an EPSS of 0.15% at the 5th percentile, no public exploit code, and no CISA KEV listing, exploitation probability is low - this is a medium-severity issue with a meaningful but situational attack barrier.
Cross-origin data exfiltration in Google Chrome's WebUI component (versions prior to 150.0.7871.47) enables remote attackers to leak sensitive data across origin boundaries by delivering crafted malicious network traffic to an unpatched browser. The flaw arises from insufficient input validation (CWE-20) within the WebUI layer, undermining same-origin policy protections and exposing data from isolated origins to attacker-controlled contexts. No active exploitation is confirmed - the vulnerability is absent from CISA KEV, EPSS sits at 0.20% (10th percentile), and no public POC has been identified; a vendor-released patch is available in Chrome 150.0.7871.47.
Cross-origin data leakage in Google Chrome for iOS prior to 150.0.7871.47 exposes sensitive information from other origins when a remote attacker convinces a victim to perform specific UI gestures on a crafted HTML page. The flaw stems from an inappropriate implementation in the iOS-specific Chrome browser layer, classified under CWE-451 (UI Misrepresentation), and enables confidentiality compromise without requiring attacker privileges. No public exploit code has been identified at time of analysis, and EPSS at 0.22% (12th percentile) signals low near-term automated exploitation risk.
Privilege escalation in Google Chrome's Extensions component (versions prior to 150.0.7871.47) lets a remote attacker who has already compromised the renderer process break out via a crafted HTML page. Rated Medium by Chromium and CVSS 7.5, it stems from insufficient validation of untrusted input (CWE-20) and requires user interaction plus a pre-existing renderer foothold. There is no public exploit identified at time of analysis, EPSS is low (0.22%, 12th percentile), and it is not on CISA KEV.
Out-of-bounds read in the Chromecast component of Google Chrome prior to 150.0.7871.47 enables a remote attacker, who has already achieved renderer process compromise, to exfiltrate potentially sensitive data from process memory via a crafted HTML page. This is a second-stage, chained vulnerability - it cannot be exploited in isolation and requires a prior renderer compromise as a prerequisite. Google has released a patch in Chrome 150.0.7871.47; no public exploit code or CISA KEV listing has been identified at time of analysis.
Side-channel information leakage in WebAuthentication within Google Chrome on iOS (versions prior to 150.0.7871.47) enables a remote attacker to infer cross-origin data by directing a victim to a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms network-exploitable impact with high confidentiality loss, constrained by mandatory user interaction and scoped exclusively to the iOS platform. No public exploit identified at time of analysis; EPSS at 0.25% (16th percentile) signals low near-term exploitation probability, and no CISA KEV listing is present.
Use-after-free in the Extensions component of Google Chrome before 150.0.7871.47 lets a remote attacker execute arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. Chromium rated the security severity Medium, though the associated CVSS score is 8.8 (High) due to network vector and high impact; there is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.26%. Google has shipped a fixed Stable channel build.
Cross-origin data leakage in Google Chrome's NFC implementation on Android exposes sensitive information to attackers who have already compromised the renderer process. Chrome versions prior to 150.0.7871.47 on Android fail to properly validate origins when handling NFC interactions, allowing a renderer-level attacker to read data across origin boundaries via a crafted HTML page. No public exploit or CISA KEV listing exists at time of analysis, and EPSS sits at the 11th percentile, indicating low observed exploitation probability despite the theoretical confidentiality impact.
Content Security Policy bypass in Google Chrome's Isolated Web Apps (IWA) subsystem allows remote attackers to circumvent enforcement mechanisms via a specially crafted HTML page, resulting in high-integrity impact with no confidentiality or availability consequence. Affected versions are all Chrome releases prior to 150.0.7871.47. User interaction is required - the victim must visit the attacker-controlled page - and no public exploit or CISA KEV listing has been identified at time of analysis. The low EPSS score of 0.22% (13th percentile) reinforces that active exploitation is not currently observed.
Sandboxed remote code execution in Google Chrome for Android before 150.0.7871.47, stemming from a use-after-free in the Skia graphics library, lets a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rated the Chromium security severity as Medium, and no public exploit has been identified at time of analysis; the EPSS score is low (0.26%, 17th percentile), and the bug is not on CISA KEV. Exploitation requires user interaction (visiting the malicious page) but no authentication.
Heap-based integer overflow in Google Chrome's Chromecast component allows an adjacent-network attacker to achieve arbitrary code execution against browsers running versions prior to 150.0.7871.47. The flaw is reachable via crafted malicious network traffic and carries a high CVSS of 8.8; Google has shipped a stable-channel fix, and no public exploit has been identified at time of analysis. Chromium rates the underlying issue as Medium severity despite the high CVSS, reflecting the adjacency and interaction constraints.
Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Same-origin policy bypass in Google Chrome's WebAppInstalls component allows remote attackers to compromise cross-origin integrity via a crafted HTML page, affecting all Chrome versions prior to 150.0.7871.47. The flaw stems from an inappropriate implementation (CWE-346, Origin Validation Error) in the PWA installation subsystem, enabling an attacker to perform unauthorized cross-origin writes or manipulations when a user visits attacker-controlled content. No public exploit identified at time of analysis, and the EPSS score of 0.23% (14th percentile) indicates low near-term exploitation probability, though the ubiquitous deployment of Chrome elevates aggregate exposure.
Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Use-after-free in Google Chrome's Bluetooth subsystem (all versions prior to 150.0.7871.47) enables an unauthenticated attacker within Bluetooth radio range to leak sensitive data from Chrome's process memory by operating a malicious Bluetooth peripheral. The CVSS vector (AV:A/PR:N/UI:N/C:H) confirms no attacker-side authentication is required and impact is confidentiality-only, with no integrity or availability loss. No public exploit code has been identified at time of analysis and CISA has not listed this in KEV; the Chromium security team rated this Medium severity, consistent with the bounded adjacency-only attack vector.
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Process memory disclosure in Google Chrome's ANGLE graphics abstraction layer (versions prior to 150.0.7871.47) enables a renderer-compromised attacker to read potentially sensitive data from process memory via a crafted HTML page. This is a post-exploitation, second-stage vulnerability: it cannot be triggered without a prior renderer process compromise, functioning as a chaining component rather than a standalone entry point. No public exploit code or CISA KEV listing has been identified at time of analysis; Chromium's own team rates it Medium severity, consistent with the prerequisite attack complexity.
UI spoofing in Google Chrome prior to 150.0.7871.47 allows a remote attacker to visually deceive users by misrepresenting browser UI elements through a crafted HTML page that requires the victim to perform specific interaction gestures. The flaw originates in an inappropriate implementation within Chrome's UI layer (CWE-451), enabling misrepresentation of critical information that could mislead users into unintended actions or false security assumptions. No public exploit code has been identified and the vulnerability is absent from CISA KEV; Google has released a fix in Chrome 150.0.7871.47.
UI spoofing in Google Chrome's Paint component prior to version 150.0.7871.47 allows a remote, unauthenticated attacker to misrepresent critical interface elements by delivering a crafted HTML page to a victim. The root cause is an inappropriate implementation in the Paint rendering subsystem (CWE-451), enabling visual deception that could facilitate phishing or credential theft. No public exploit code has been identified and CISA SSVC rates exploitation as none, placing real-world risk well below what the network-reachable attack vector might imply.
Uninitialized memory read in Skia, Chrome's 2D graphics library, exposes process memory contents to an attacker who has already compromised the renderer process by delivering a crafted HTML page. Affected are all Chrome desktop installations prior to 150.0.7871.47; the confidentiality impact is scoped to renderer process memory, which may contain session tokens, DOM content, or cached credentials. No public exploit code and no CISA KEV listing have been identified at time of analysis; the CVSS Medium score of 5.3 reflects the high attack complexity imposed by the renderer pre-compromise prerequisite.
Uninitialized memory exposure in Google Chrome's Media component allows a remote attacker who has already compromised the renderer process to read potentially sensitive data from process memory by serving a crafted HTML page. Affected versions are all Chrome releases prior to 150.0.7871.47, across desktop platforms. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; exploitation requires a chained renderer compromise, significantly constraining real-world risk despite the high confidentiality impact rating.
Uninitialized memory exposure in the UI layer of Google Chrome on Android (prior to 150.0.7871.47) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by serving a crafted HTML page. The vulnerability is CWE-457 (use of uninitialized variable) and is scoped to the Android platform only. No public exploit code or active exploitation has been identified at time of analysis; a vendor patch has been released.
Arbitrary code execution in Google Chrome's DevTools component (versions prior to 150.0.7871.47) lets a remote attacker run code inside the renderer sandbox after luring a victim into performing specific UI gestures with a malicious file. Rated Medium by Chromium but scored CVSS 7.5, the flaw stems from insufficient validation of untrusted input (CWE-20); no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.24% (15th percentile).
Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.47) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. Exploitation requires user interaction (visiting a malicious page) but no authentication, and the flaw carries a CVSS 8.8 with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and EPSS is low (0.30%, 22nd percentile), indicating no evidence of widespread exploitation despite the high CVSS.
Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Oilpan in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Navigation restriction bypass in Google Chrome's WebView component on Android (all versions prior to 150.0.7871.47) allows remote unauthenticated attackers to circumvent enforcement of navigation policies via a specially crafted HTML page, producing high integrity impact with no confidentiality or availability consequence. The CVSS vector (PR:N, UI:R) confirms unauthenticated network exploitation gated on victim interaction, consistent with a social-engineering or malicious-redirect delivery. No public exploit exists and CISA has not added this to KEV; EPSS of 0.22% (13th percentile) and SSVC Exploitation:none collectively indicate low active exploitation probability at time of analysis.
Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Process memory disclosure in Google Chrome DevTools on Windows (versions prior to 150.0.7871.47) allows a remote attacker to read potentially sensitive data from browser process memory by serving a crafted HTML page and convincing a user to perform specific UI gestures. The flaw stems from insufficient input validation (CWE-20) within the DevTools subsystem and is limited to the Windows platform. No public exploit code or CISA KEV listing has been identified at time of analysis, but the confidentiality impact is rated High by NVD.
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Insufficient validation of untrusted input in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Uninitialized memory use in the codec subsystem of Google Chrome on Windows exposes potentially sensitive process memory contents to remote attackers via a crafted HTML page. All Chrome for Windows releases prior to 150.0.7871.47 are affected; the flaw is platform-specific and does not affect Chrome on Linux, macOS, or mobile. No public exploit code has been identified and this vulnerability is absent from the CISA KEV catalog, though the CVSS C:H rating reflects meaningful confidentiality risk, and the uninitialized read could serve as a precursor step toward ASLR bypass in a chained attack.
Incorrect security UI in Google Chrome's Extensions subsystem prior to version 150.0.7871.47 enables Universal Cross-Site Scripting (UXSS), allowing script or HTML injection across web origins via a crafted HTML page. Exploitation requires that the victim user be socially engineered into installing a malicious extension, after which a crafted page triggers the CWE-79 flaw in the Extensions UI. No public exploit exists at time of analysis, EPSS sits at the 4th percentile, and CISA has not listed this in KEV, consistent with the SSVC exploitation:none assessment.
UI spoofing in Google Chrome's PageInfo component (all versions prior to 150.0.7871.47) enables remote attackers to misrepresent the browser's security indicators through a crafted HTML page that induces specific user UI gestures. The flaw (CWE-451) causes the PageInfo panel - the panel users consult to evaluate site trustworthiness - to render incorrect security UI, potentially deceiving victims into trusting malicious or unverified origins. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog; exploitation requires high attack complexity and deliberate user interaction, keeping real-world risk moderate despite the ubiquitous deployment footprint of Chrome.
Insufficient XML policy enforcement in Google Chrome on Android (prior to 150.0.7871.47) exposes process memory contents to remote attackers who can deliver a crafted HTML page. The flaw is classified under CWE-284 (Improper Access Control), allowing the browser's XML handling to bypass intended isolation boundaries and leak potentially sensitive in-process data - such as cookies, credentials, or other runtime state - to an attacker-controlled origin. No active exploitation is confirmed in CISA KEV and no public proof-of-concept has been identified at time of analysis, though the CVSS score of 6.5 (Medium) reflects meaningful real-world risk given the zero-authentication, high-confidentiality-impact profile.
Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Cross-origin data leakage in Google Chrome's PerformanceAPI implementation (versions prior to 150.0.7871.47) allows a remote unauthenticated attacker to infer sensitive data from other browser origins by luring a victim to visit a crafted HTML page. The flaw exploits timing measurements exposed by the Performance API to create a side-channel that bypasses the Same-Origin Policy for limited data reads. No public exploit code or active exploitation (CISA KEV) has been identified; EPSS probability stands at 0.21% (11th percentile), consistent with SSVC's 'exploitation: none' assessment.
Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the renderer sandbox by abusing insufficient policy enforcement in the browser's USB (WebUSB) handling, delivered through a crafted HTML page. The flaw is rated Medium by Chromium but carries a high CVSS (8.3) due to the scope change from renderer to browser process; EPSS is low (0.21%, 11th percentile) and there is no public exploit identified at time of analysis. A vendor patch is available in the June 2026 Stable channel update.
Uninitialized GPU memory use in Google Chrome prior to 150.0.7871.47 enables a remote attacker who has already compromised the renderer process to read sensitive data from GPU process memory by delivering a crafted HTML page. This is a second-stage information disclosure primitive - exploitation is contingent on a prior renderer compromise, making it a component of a multi-vulnerability attack chain rather than a standalone critical issue. No public exploit code or CISA KEV listing has been identified at time of analysis; Google has released a patched stable channel build (150.0.7871.47).
Insufficient policy enforcement in the Payments component of Google Chrome on Android prior to 150.0.7871.47 exposes potentially sensitive data from process memory to remote attackers. Exploitation requires a victim to visit a specially crafted HTML page, making this a user-interaction-dependent, network-delivered information disclosure. No active exploitation is confirmed (SSVC: Exploitation: none; not listed in CISA KEV), and no public exploit code has been identified at time of analysis, though the CVSS confidentiality impact is rated High due to the potential for process memory leakage.
Uninitialized memory read in Google Chrome's XR (Extended Reality/WebXR) subsystem exposes process memory to a remote attacker who has already achieved renderer process compromise. Affected versions are all Chrome releases prior to 150.0.7871.47. This is a second-stage, chained vulnerability - an attacker leverages a crafted HTML page to trigger the uninitialized read and extract sensitive data from process memory, but only after separately exploiting a renderer process escape. No public exploit code or CISA KEV listing has been identified at time of analysis.
Cross-origin data leakage in Google Chrome on iOS (prior to 150.0.7871.47) stems from an inappropriate implementation in the ScriptInjections subsystem, exploitable by a remote attacker who can lure a victim to a crafted HTML page. The flaw allows the attacker's origin to read data belonging to a different, protected origin - a fundamental violation of the Same-Origin Policy on Apple's iOS platform. No public exploit code has been identified at time of analysis, EPSS places exploitation probability at 0.22% (13th percentile), and SSVC signals no observed active exploitation, making this a medium-priority patch item despite its cross-origin impact.
Uninitialized memory use in Chrome's CSS engine on Android exposes potentially sensitive process memory contents to remote attackers via a crafted HTML page. Unauthenticated remote attackers can trigger this information leak against any Android Chrome user who visits attacker-controlled content (CVSS PR:N, UI:R), with high confidentiality impact per the CVSS vector. Notably, Chromium's internal severity rating is Medium despite the C:H CVSS impact, suggesting reliable extraction of useful sensitive data may be inconsistent in practice; no public exploit code or CISA KEV listing exists at time of analysis.
Inappropriate implementation in SiteSettings in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Uninitialized memory exposure in Google Chrome's Cast component prior to 150.0.7871.47 allows an unauthenticated attacker on the same local network segment to leak sensitive contents from the browser's process memory via malicious Cast protocol traffic. The root cause is CWE-457 (Use of Uninitialized Variable): memory allocated for Cast operations is not zeroed before use, allowing residual in-memory data - potentially including credentials, session tokens, or cached page content - to be disclosed in responses to crafted network input. No public exploit has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis; Google has released a patched build.
Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Memory disclosure in Google Chrome's Passwords component on Android prior to 150.0.7871.47 allows a remote attacker to extract potentially sensitive information from process memory. Exploitation requires luring a target user to visit a specially crafted HTML page, placing this squarely in the social-engineering-assisted drive-by category. No public exploit code has been identified at time of analysis, but the high confidentiality impact (C:H in CVSS) indicates meaningful credential exposure risk given Chrome's role as a primary password manager on Android devices.
Side-channel information leakage in ComputePressure in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Insufficient policy enforcement in Chrome's built-in Passwords subsystem (prior to 150.0.7871.47) allows a remote attacker who has already compromised the renderer process to read potentially sensitive credential data from process memory via a crafted HTML page. This is a second-stage, chained information-disclosure flaw - not a standalone exploit - that bypasses Chrome's inter-process access boundaries to reach password manager data. No public exploit code has been identified at time of analysis, and a vendor patch is confirmed available in Chrome 150.0.7871.47.
Cross-origin data exfiltration in Google Chrome's Sharing feature on Android exposes sensitive page content to remote attackers who have already compromised the renderer process, exploitable via a crafted HTML page. All Chrome for Android builds prior to 150.0.7871.47 are affected; the fixed release is confirmed by Google's stable channel advisory. EPSS of 0.21% (11th percentile) and absence from CISA KEV indicate negligible observed exploitation pressure at time of analysis, though the high confidentiality impact and ubiquitous deployment of Chrome on Android make patching a clear priority.
UI spoofing in Google Chrome on Windows (prior to 150.0.7871.47) allows a remote attacker who has already compromised the renderer process to manipulate the browser interface via a specially crafted HTML page, potentially deceiving users into interacting with falsified content or controls. The vulnerability stems from an inappropriate implementation in the Media component and is classified as medium severity (CVSS 6.5). No public exploit code or active exploitation has been identified - EPSS sits at the 11th percentile (0.21%) and no CISA KEV listing exists - and a vendor patch is confirmed available in Chrome 150.0.7871.47.
Navigation restriction bypass in Google Chrome prior to version 150.0.7871.47 enables remote attackers to circumvent browser policy enforcement via a crafted HTML page targeting the 'Actor' component. The flaw is rooted in CWE-602 (Client-Side Enforcement of Server-Side Security), where controls that should be authoritative are applied within the browser and can be subverted by an adversary-controlled page. EPSS at 0.22% (13th percentile) indicates low current exploitation probability, no public exploit code has been identified, and the vulnerability is not listed in CISA KEV; no public exploit identified at time of analysis.
Navigation restriction bypass in Google Chrome's DevTools component on Android (all versions prior to 150.0.7871.47) allows a local attacker to circumvent policy-enforced browsing controls by delivering a crafted malicious file. The vulnerability is confined to Android - desktop Chrome is not in scope - and requires user interaction with the malicious file, substantially narrowing the realistic attack surface. No public exploit code exists and no active exploitation has been confirmed; an EPSS score of 0.14% (3rd percentile) corroborates low real-world exploitation probability at time of analysis.
Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Insufficient validation of untrusted input in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
Navigation restriction bypass in Google Chrome prior to 150.0.7871.47 enables a remote attacker who has already compromised the renderer process to circumvent Chrome's network navigation controls via a crafted HTML page. The vulnerability stems from CWE-20 (Improper Input Validation) in Chrome's Network component, producing a high-integrity impact with no confidentiality or availability loss. No public exploit code has been identified at time of analysis, and EPSS at 0.22% (13th percentile) places exploitation likelihood well below the median, though the pre-compromised renderer prerequisite makes this a chained attack vector relevant primarily within multi-stage browser exploitation chains.
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)
Same-origin policy bypass in Google Chrome's WebView component on Android enables a remote attacker who has already compromised the renderer process to perform cross-origin integrity violations by serving a crafted HTML page. Affected versions are all Chrome for Android releases prior to 150.0.7871.47. This is explicitly a chained attack requiring a pre-existing renderer compromise, making it a second-stage exploit rather than a standalone entry point. No public exploit code exists and no public exploitation has been confirmed at time of analysis.
Uninitialized GPU memory use in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to read potentially sensitive data from process memory by luring a user to a crafted HTML page. The flaw (CWE-457) is confined to the Android GPU code path and requires only user interaction to trigger, with CVSS confirming unauthenticated network delivery and High confidentiality impact. No public exploit code or active exploitation via CISA KEV has been identified at time of analysis; Google has released a fix in stable channel version 150.0.7871.47.
Side-channel cross-origin data leakage in Google Chrome's Paint rendering component (all versions prior to 150.0.7871.47) allows remote attackers to infer sensitive content belonging to other origins by enticing a victim to visit a crafted HTML page. The vulnerability exploits a weakness in the Paint subsystem's rendering pipeline (CWE-1300: Improper Protection of Physical Side Channels), enabling an attacker page to observe rendering state or timing variations and reconstruct protected cross-origin data. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; EPSS probability is low at 0.21% (11th percentile). Vendor-released patch is available in Chrome 150.0.7871.47.
Same-origin policy bypass in Google Chrome's DeviceBoundSessionCredentials component allows remote attackers to violate cross-origin isolation guarantees via a crafted HTML page. Affected are all Chrome desktop releases prior to 150.0.7871.47 on all supported platforms. Exploitation requires user interaction (visiting an attacker-controlled page) and yields high integrity impact - enabling cross-origin state manipulation - with no confidentiality or availability consequence. No active exploitation is confirmed (not in CISA KEV), EPSS is low at 0.22% (13th percentile), and SSVC rates exploitation as none with partial technical impact; a vendor patch is available.
Sandbox escape in Google Chrome on Windows before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the browser sandbox by serving a crafted HTML page that abuses insufficient input validation in the Media component. Google rates the Chromium security severity as Medium and a fix is shipped in the stable channel, but no public exploit has been identified and EPSS exploitation probability is low at 0.21%. The high 9.6 CVSS reflects the total system compromise possible once chained, not standalone exploitability.
Site isolation bypass in Google Chrome prior to 150.0.7871.47 enables a remote attacker who has already compromised the renderer process to circumvent extension policy enforcement and escape site isolation boundaries via a crafted HTML page. The root cause (CWE-602) is client-side enforcement of security policies in the Extensions subsystem that can be subverted once the renderer is under attacker control. No active exploitation has been confirmed - EPSS is 0.22% (13th percentile), SSVC rates exploitation as none and the attack as non-automatable - and a vendor-released patch is available in Chrome 150.0.7871.47.
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Navigation restriction bypass in Google Chrome for iOS (prior to 150.0.7871.47) allows a remote attacker to subvert browser-enforced navigation controls by luring a user into performing specific UI gestures on a crafted HTML page. Classified as CWE-20 (Improper Input Validation), the flaw undermines integrity by permitting unauthorized navigation that the browser is intended to block. No public exploit code exists and EPSS sits at 0.22% (13th percentile), indicating low observed exploitation probability; the vulnerability is not listed in CISA KEV.
UI spoofing in Google Chrome for iOS prior to version 150.0.7871.47 allows a remote attacker to misrepresent browser interface elements - such as the address bar or origin indicators - by serving a crafted HTML page, potentially deceiving users into trusting malicious content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) confirms network-reachable exploitation with no privilege requirement but mandatory user interaction, limiting impact to partial integrity loss with no confidentiality or availability effect. No public exploit or active exploitation has been identified; an EPSS score of 0.21% at the 11th percentile indicates very low current exploitation probability, and this vulnerability does not appear in the CISA KEV catalog.
Heap corruption in Google Chrome for iOS before 150.0.7871.47 lets a remote attacker who lures a user through specific in-page UI gestures on a crafted HTML page trigger a use-after-free (CWE-416), potentially leading to arbitrary code execution in the renderer. Rated Medium by the Chromium security team but scored CVSS 8.8 due to full confidentiality/integrity/availability impact; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS is low at 0.21% (11th percentile), consistent with a freshly patched browser bug that has no known weaponization.
Chrome's built-in Passwords subsystem on macOS leaks sensitive process memory contents when a malicious file is processed, potentially exposing stored credentials or authentication tokens to a local attacker. All Google Chrome releases for Mac prior to 150.0.7871.47 are affected. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in CISA KEV; however, the confidentiality impact is rated High given the nature of the data at risk within the Passwords feature.
Cross-origin data leakage in Google Chrome's Autofill subsystem on iOS (versions prior to 150.0.7871.47) enables remote attackers to read sensitive data across origin boundaries by luring victims into performing specific UI gestures on a crafted page. Rooted in CWE-346 (Origin Validation Error), the Autofill policy enforcement layer fails to maintain proper origin isolation under targeted interaction conditions. With an EPSS of 0.21% (11th percentile) and no CISA KEV listing, no public exploit identified at time of analysis, though the CVSS-rated High confidentiality impact warrants prompt patching given Chrome's broad iOS deployment footprint.
UI spoofing in Google Chrome's Safe Browsing component on iOS enables remote attackers to mislead users through a crafted HTML page, potentially causing them to dismiss or misinterpret security warnings. Only Chrome for iOS versions prior to 150.0.7871.47 are affected; the desktop channel is not impacted by this specific flaw. No public exploit code exists and exploitation probability is very low (EPSS 0.21%, 11th percentile), though the network-accessible, zero-authentication attack surface keeps it relevant where phishing-style delivery is feasible.
Insufficient policy enforcement in the Spellcheck component of Google Chrome prior to 150.0.7871.47 exposes process memory to attackers who have already achieved renderer process compromise. The vulnerability enables a second-stage information disclosure step in a chained attack: after compromising the renderer, the attacker serves a crafted HTML page that exploits the Spellcheck policy gap to read potentially sensitive data from memory. No public exploit code or active exploitation via CISA KEV has been identified at time of analysis; Google has released a fix in the stable channel update.
Cross-origin data leakage in the WebXR implementation of Google Chrome on Android (versions prior to 150.0.7871.47) allows remote unauthenticated attackers to exfiltrate sensitive cross-origin information by enticing a victim to visit a crafted HTML page. The flaw is rooted in CWE-693 (Protection Mechanism Failure), where WebXR fails to enforce cross-origin isolation policies on Android specifically. No public exploit code has been identified and EPSS sits at 0.21% (11th percentile), indicating low observed exploitation probability; the vulnerability is not listed in the CISA KEV catalog.
Sandbox escape in Google Chrome DevTools before 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page, stemming from insufficient policy enforcement (CWE-693). NVD scores this 9.6 with a scope-change vector, though Google rates the Chromium severity only Medium and it is a second-stage bug requiring prior renderer compromise. No public exploit has been identified at time of analysis and EPSS is low (0.21%), consistent with a chained rather than standalone threat.
Navigation restriction bypass in Google Chrome's Omnibox on iOS (prior to 150.0.7871.47) enables a remote attacker to circumvent address bar security controls through insufficient input validation, contingent on user interaction with specific UI gestures during exposure to malicious network traffic. The integrity impact is rated High (I:H) with no confidentiality or availability impact, consistent with a content/navigation spoofing class of vulnerability. No public exploit code or CISA KEV listing has been identified; EPSS score of 0.20% (10th percentile) indicates low observed exploitation probability at time of analysis.
UI spoofing in Google Chrome's iOSWeb component on iOS allows remote attackers to misrepresent interface elements to users running versions prior to 150.0.7871.47. The vulnerability, rooted in an inappropriate implementation (CWE-451), is triggered when a user performs specific UI gestures on a crafted HTML page, enabling spoofing of security-critical browser interface elements such as the address bar or permission dialogs. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis; the high attack complexity and mandatory user interaction meaningfully constrain real-world risk.
Out-of-bounds read in Google Chrome's Codecs component (prior to 150.0.7871.47) enables remote attackers to leak sensitive data from renderer process memory by delivering a crafted HTML page. The CVSS C:H rating reflects meaningful exposure of in-process data such as session tokens or credentials, though Chromium's own team assessed this as Medium severity, and the sandbox boundary (S:U) limits blast radius to the renderer. No public exploit code and no CISA KEV listing have been identified at time of analysis.
Race condition exploitation in Google Chrome for iOS (prior to 150.0.7871.47) exposes potentially sensitive data from process memory to a local attacker with physical device access. The flaw is rooted in improper synchronization (CWE-362) and requires high attack complexity to successfully win the timing window. No public exploit has been identified and the vulnerability is not listed in CISA KEV; the vendor has released a patching fix in the 150.0.7871.47 stable channel update.
Navigation restriction bypass in Google Chrome's Safe Browsing implementation on iOS allows a remote, unauthenticated attacker to circumvent phishing and malicious-site protections via a specially crafted HTML page, affecting all Chrome for iOS versions prior to 150.0.7871.47. The flaw is classified as CWE-693 (Protection Mechanism Failure), meaning the Safe Browsing guard can be rendered ineffective rather than defeated through cryptographic or authentication means. No public exploit or CISA KEV listing has been identified, and the EPSS score of 0.23% (14th percentile) signals low current exploitation probability - but the zero-prerequisite network delivery and high integrity impact make this a meaningful risk for iOS users who have not updated.
Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
UI spoofing in Google Chrome for iOS prior to version 150.0.7871.47 enables remote attackers to misrepresent browser interface elements - such as address bars or security indicators - by delivering a crafted HTML page to a victim on an iOS device. Rooted in CWE-451 (UI Misrepresentation of Critical Information), the flaw exploits an inappropriate implementation specific to Chrome's iOS code path, which differs from desktop Chrome due to WKWebView constraints imposed by Apple. No public exploit code exists, CISA SSVC rates exploitation as none, and EPSS sits at the 12th percentile, indicating minimal real-world threat at time of analysis.
Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who already controls a compromised renderer process break out of the browser sandbox through insufficient policy enforcement in the Web Serial API, using a crafted HTML page. Google rated the underlying Chromium bug Medium severity even though NVD assigns a 9.6 CVSS due to the scope-changing impact. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.22%, 12th percentile).
Navigation restriction bypass in Google Chrome's Chromecast implementation (versions prior to 150.0.7871.47) allows a remote attacker who has already compromised the renderer process to circumvent navigation restrictions via a specially crafted HTML page. This is a post-compromise escalation primitive rather than a standalone entry point - the renderer must already be under attacker control, making this a link in an exploit chain rather than an initial access vector. No public exploit has been identified at time of analysis; EPSS at 0.23% (14th percentile) reflects very low observed exploitation probability, consistent with the chained-exploit requirement.
Use after free in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Sandboxed remote code execution in Google Chrome's Cast Receiver component affects all desktop builds prior to 150.0.7871.47, where a use-after-free (CWE-416) can be triggered by luring a victim to a crafted HTML page. Google rates the Chromium severity as Medium because the resulting code execution is confined to the browser sandbox, though NVD scores it CVSS 8.8; there is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.27% (18th percentile).
Insufficient policy enforcement in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Navigation restriction bypass in Google Chrome's Glic feature (versions prior to 150.0.7871.47) enables remote attackers to circumvent policy enforcement controls by delivering a crafted HTML page that triggers insufficient validation logic. The flaw maps to CWE-602, meaning security enforcement intended to be authoritative is implemented client-side in a bypassable manner, resulting in high integrity impact with no confidentiality or availability consequence. No public exploit or active exploitation has been identified at time of analysis, and EPSS at 0.22% (13th percentile) reflects low current exploitation probability.
UI spoofing via Chrome's Autofill component affects all desktop installations prior to version 150.0.7871.47, enabling a remote attacker to misrepresent interface elements through a crafted HTML page. Exploitation requires both navigating to an attacker-controlled page and performing specific UI gestures, reflected in CVSS AC:H and UI:R - passive browsing is insufficient. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; the CVSS 4.2 Medium score reflects limited integrity and availability impact with no confidentiality loss.
Navigation restriction bypass in Google Chrome prior to 150.0.7871.47 enables a network-positioned attacker to circumvent browser-enforced navigation policies via a crafted HTML page. The attacker must occupy a privileged network position (e.g., man-in-the-middle) and requires user interaction with the malicious page, per the CVSS UI:R and the description's explicit network-position prerequisite. With an EPSS of 0.15% at the 5th percentile, no public exploit code, and no CISA KEV listing, exploitation probability is low - this is a medium-severity issue with a meaningful but situational attack barrier.
Cross-origin data exfiltration in Google Chrome's WebUI component (versions prior to 150.0.7871.47) enables remote attackers to leak sensitive data across origin boundaries by delivering crafted malicious network traffic to an unpatched browser. The flaw arises from insufficient input validation (CWE-20) within the WebUI layer, undermining same-origin policy protections and exposing data from isolated origins to attacker-controlled contexts. No active exploitation is confirmed - the vulnerability is absent from CISA KEV, EPSS sits at 0.20% (10th percentile), and no public POC has been identified; a vendor-released patch is available in Chrome 150.0.7871.47.
Cross-origin data leakage in Google Chrome for iOS prior to 150.0.7871.47 exposes sensitive information from other origins when a remote attacker convinces a victim to perform specific UI gestures on a crafted HTML page. The flaw stems from an inappropriate implementation in the iOS-specific Chrome browser layer, classified under CWE-451 (UI Misrepresentation), and enables confidentiality compromise without requiring attacker privileges. No public exploit code has been identified at time of analysis, and EPSS at 0.22% (12th percentile) signals low near-term automated exploitation risk.
Privilege escalation in Google Chrome's Extensions component (versions prior to 150.0.7871.47) lets a remote attacker who has already compromised the renderer process break out via a crafted HTML page. Rated Medium by Chromium and CVSS 7.5, it stems from insufficient validation of untrusted input (CWE-20) and requires user interaction plus a pre-existing renderer foothold. There is no public exploit identified at time of analysis, EPSS is low (0.22%, 12th percentile), and it is not on CISA KEV.
Out-of-bounds read in the Chromecast component of Google Chrome prior to 150.0.7871.47 enables a remote attacker, who has already achieved renderer process compromise, to exfiltrate potentially sensitive data from process memory via a crafted HTML page. This is a second-stage, chained vulnerability - it cannot be exploited in isolation and requires a prior renderer compromise as a prerequisite. Google has released a patch in Chrome 150.0.7871.47; no public exploit code or CISA KEV listing has been identified at time of analysis.
Side-channel information leakage in WebAuthentication within Google Chrome on iOS (versions prior to 150.0.7871.47) enables a remote attacker to infer cross-origin data by directing a victim to a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms network-exploitable impact with high confidentiality loss, constrained by mandatory user interaction and scoped exclusively to the iOS platform. No public exploit identified at time of analysis; EPSS at 0.25% (16th percentile) signals low near-term exploitation probability, and no CISA KEV listing is present.
Use-after-free in the Extensions component of Google Chrome before 150.0.7871.47 lets a remote attacker execute arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. Chromium rated the security severity Medium, though the associated CVSS score is 8.8 (High) due to network vector and high impact; there is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.26%. Google has shipped a fixed Stable channel build.
Cross-origin data leakage in Google Chrome's NFC implementation on Android exposes sensitive information to attackers who have already compromised the renderer process. Chrome versions prior to 150.0.7871.47 on Android fail to properly validate origins when handling NFC interactions, allowing a renderer-level attacker to read data across origin boundaries via a crafted HTML page. No public exploit or CISA KEV listing exists at time of analysis, and EPSS sits at the 11th percentile, indicating low observed exploitation probability despite the theoretical confidentiality impact.
Content Security Policy bypass in Google Chrome's Isolated Web Apps (IWA) subsystem allows remote attackers to circumvent enforcement mechanisms via a specially crafted HTML page, resulting in high-integrity impact with no confidentiality or availability consequence. Affected versions are all Chrome releases prior to 150.0.7871.47. User interaction is required - the victim must visit the attacker-controlled page - and no public exploit or CISA KEV listing has been identified at time of analysis. The low EPSS score of 0.22% (13th percentile) reinforces that active exploitation is not currently observed.
Sandboxed remote code execution in Google Chrome for Android before 150.0.7871.47, stemming from a use-after-free in the Skia graphics library, lets a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rated the Chromium security severity as Medium, and no public exploit has been identified at time of analysis; the EPSS score is low (0.26%, 17th percentile), and the bug is not on CISA KEV. Exploitation requires user interaction (visiting the malicious page) but no authentication.
Heap-based integer overflow in Google Chrome's Chromecast component allows an adjacent-network attacker to achieve arbitrary code execution against browsers running versions prior to 150.0.7871.47. The flaw is reachable via crafted malicious network traffic and carries a high CVSS of 8.8; Google has shipped a stable-channel fix, and no public exploit has been identified at time of analysis. Chromium rates the underlying issue as Medium severity despite the high CVSS, reflecting the adjacency and interaction constraints.
Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Same-origin policy bypass in Google Chrome's WebAppInstalls component allows remote attackers to compromise cross-origin integrity via a crafted HTML page, affecting all Chrome versions prior to 150.0.7871.47. The flaw stems from an inappropriate implementation (CWE-346, Origin Validation Error) in the PWA installation subsystem, enabling an attacker to perform unauthorized cross-origin writes or manipulations when a user visits attacker-controlled content. No public exploit identified at time of analysis, and the EPSS score of 0.23% (14th percentile) indicates low near-term exploitation probability, though the ubiquitous deployment of Chrome elevates aggregate exposure.
Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Use-after-free in Google Chrome's Bluetooth subsystem (all versions prior to 150.0.7871.47) enables an unauthenticated attacker within Bluetooth radio range to leak sensitive data from Chrome's process memory by operating a malicious Bluetooth peripheral. The CVSS vector (AV:A/PR:N/UI:N/C:H) confirms no attacker-side authentication is required and impact is confidentiality-only, with no integrity or availability loss. No public exploit code has been identified at time of analysis and CISA has not listed this in KEV; the Chromium security team rated this Medium severity, consistent with the bounded adjacency-only attack vector.
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Process memory disclosure in Google Chrome's ANGLE graphics abstraction layer (versions prior to 150.0.7871.47) enables a renderer-compromised attacker to read potentially sensitive data from process memory via a crafted HTML page. This is a post-exploitation, second-stage vulnerability: it cannot be triggered without a prior renderer process compromise, functioning as a chaining component rather than a standalone entry point. No public exploit code or CISA KEV listing has been identified at time of analysis; Chromium's own team rates it Medium severity, consistent with the prerequisite attack complexity.