Description
Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-24
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Autofill component of Google Chrome and permits a remote attacker who has already compromised the renderer process to obtain cross‑origin data through a crafted HTML page. This inappropriate implementation can lead to the unintended disclosure of sensitive information, thereby breaching confidentiality. The flaw is identified as a high‑severity issue by Chromium’s security team.

Affected Systems

Google Chrome browsers prior to version 149.0.7827.197 are affected. Exploitation requires that the attacker has already compromised the renderer process.

Risk and Exploitability

The flaw carries a high severity rating. EPSS data is not available, and the vulnerability is not listed in CISA KEV. Because an attacker must first compromise the renderer process, exploitation is limited to situations where the renderer is already under attacker control. Nevertheless, the ability to leak cross-origin data is a significant confidentiality risk, and the crafted page can be delivered over the network, which makes this a high priority for remediation.

Generated by OpenCVE AI on June 24, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 149.0.7827.197 or later.
  • Disable Autofill via Chrome Settings or apply the corresponding enterprise policy to prevent Autofill data from being exposed.
  • Avoid visiting untrusted or malicious websites while the vulnerability remains unpatched, and consider using web filtering or anti‑phishing extensions to reduce exposure.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Title | | Chromium Autofill Data Leak via Cross‑Origin Access |
| Weaknesses | | CWE-200 |

Wed, 24 Jun 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Description | | Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-24T18:43:14.861Z

Reserved: 2026-06-23T17:14:08.100Z

Link: CVE-2026-13022

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T21:30:04Z

Weaknesses
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor