Description
Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An inappropriate implementation in Google Chrome extensions on Android, before version 150.0.7871.47, allows an attacker who persuades a user to install a malicious extension to bypass the browser’s same origin policy. The vulnerability is classified as high severity by Chromium. This bypass could enable the extension to access or manipulate data and resources from other origins, potentially leading to data theft, privilege escalation within the browser, or facilitating further attacks such as cross-site scripting.

Affected Systems

Google Chrome on Android, versions earlier than 150.0.7871.47.

Risk and Exploitability

The CVSS equivalents and exploit probability (EPSS) are not available, and the vulnerability is not listed in the CISA KEV catalog, indicating no publicly known exploit yet. The attack vector is likely user-initiated: an attacker must convince a user to install a malicious extension, for example via social engineering or compromised extension stores. Once installed, the extension can then bypass same origin policy constraints. The overall risk remains high due to the potential for widespread data exposure on affected devices.

Generated by OpenCVE AI on July 1, 2026 at 01:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or newer.
  • Avoid installing extensions from untrusted or third-party stores; validate the publisher and review permissions before installation.
  • Consider disabling or removing extensions that are not essential for your workflow.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Chrome Android Extension Same Origin Policy Bypass |
| Weaknesses | | CWE-200, CWE-264 |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High) |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:45.956Z

Reserved: 2026-06-29T23:03:26.174Z

Link: CVE-2026-13822

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T02:00:07Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-264