Description
Side-channel information leakage in Scroll in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A side‑channel vulnerability in Chrome’s scrolling logic allows a remote attacker to read data from other origins when the victim loads a malicious web page. The flaw is triggered by specially crafted HTML and can expose cookies, local storage or other sensitive data that normally remain protected by same‑origin policies. The weakness is classified as CWE‑1300, indicating information disclosure. The potential impact is that an attacker could exfiltrate confidential data viewed by the victim without their knowledge.

Affected Systems

The vulnerability affects Google Chrome browsers prior to version 150.0.7871.47. Any installation of Chrome at or earlier than that build is susceptible. No specific platform details are provided, so the issue applies broadly to desktop editions of Chrome.

Risk and Exploitability

The official severity is noted as High by Chromium, though a CVSS score is not supplied. The EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog, suggesting that no widespread exploitation is documented yet. The likely attack vector involves a victim visiting a crafted web page; thus it requires user interaction. While the risk is significant for exposed data, the lack of public exploitation data and lack of network‑only vectors somewhat reduce the immediate threat level. Regular users should treat the vulnerability as serious and proceed with remediation.

Generated by OpenCVE AI on July 1, 2026 at 03:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later
  • Enable Chrome's Strict Site Isolation to enforce process separation between sites
  • Restrict or block access to untrusted web content by using an ad‑blocker or site‑blocking extension until the update can be applied

Generated by OpenCVE AI on July 1, 2026 at 03:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 03:30:00 +0000

Type Values Removed Values Added
Title Cross‑Origin Data Leakage via Scroll Side‑Channel in Chrome

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Side-channel information leakage in Scroll in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-1300
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:33.928Z

Reserved: 2026-06-29T23:03:18.398Z

Link: CVE-2026-13790

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T03:15:15Z

Weaknesses
  • CWE-1300

    Improper Protection of Physical Side Channels