Description
Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an insufficient policy enforcement in Google Chrome’s Network module, enabling an attacker who can position themselves in a privileged network environment to bypass navigation restrictions by serving a crafted HTML page. This flaw allows a user to visit URLs that should be blocked, effectively breaking the browser’s navigation policy. The issue is rated Medium severity by Chromium security, but no CVSS score is publicly available. The weakness can be classified as improper authorization (CWE‑285).

Affected Systems

Google Chrome desktop versions earlier than 150.0.7871.47 are affected; versions 150.0.7871.47 and later contain the fix.

Risk and Exploitability

EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. The attack vector requires an attacker to be positioned in a privileged network segment and to serve a crafted HTML page. Although no quantitative risk metrics are provided, circumventing navigation restrictions is a serious policy violation that warrants timely mitigation.

Generated by OpenCVE AI on July 1, 2026 at 01:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later to apply the official fix.
  • Limit privileged network access that can deliver crafted HTML pages to users.
  • Monitor network traffic for unexpected navigation requests originating from privileged sources.

Generated by OpenCVE AI on July 1, 2026 at 01:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:00:00 +0000

Type Values Removed Values Added
Title Navigation Restriction Bypass via Network Policy Enforcement in Google Chrome

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:12.213Z

Reserved: 2026-06-29T23:03:44.227Z

Link: CVE-2026-13894

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T01:45:06Z

Weaknesses

No weakness.