Description
Insufficient validation of untrusted input in Accessibility in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient validation of untrusted input in the Accessibility subsystem of Google Chrome allowed a remote attacker who had compromised the renderer process to bypass the browser’s site isolation via a crafted HTML page. The underlying validation issue (CWE‑20). Chromium security maintainers assigned a high severity rating to the flaw.

Affected Systems

Google Chrome components prior to version 150.0.7871.47 are affected. Any installation of Chrome older than this release update that introduces the input validation fix is applied.

Risk and Exploitability

The exploit requires an attacker who has already gained control of a renderer prior vulnerability or foothold is vector involves initially compromising the renderer, after which site isolation can be bypassed. No EPSS score is available and the vulnerability is not listed in CISA KEV, indicating no widespread exploitation has been reported yet. The risk is considered elevated for users who run Chrome without the latest patch or operate in environments where renderer process compromise is feasible.

Generated by OpenCVE AI on July 1, 2026 at 04:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or newer to apply the input validation fix.
  • Configure Chrome to automatically download and install security updates so the browser stays current.
  • Check the official Chrome release notes or vendor website regularly for additional security patches and apply them promptly.

Generated by OpenCVE AI on July 1, 2026 at 04:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 04:45:00 +0000

Type Values Removed Values Added
Title Site Isolation Bypass

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient validation of untrusted input in Accessibility in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-20
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:39.997Z

Reserved: 2026-06-29T23:03:22.334Z

Link: CVE-2026-13806

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T04:30:06Z

Weaknesses
  • CWE-20

    Improper Input Validation