Description
Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from insufficient policy enforcement in the Glic component of Google Chrome. A remote attacker can craft an HTML page designed to bypass the browser's navigation restrictions, allowing the victim to navigate to URLs that would normally be blocked. The result is a compromise of the user’s navigation control, which can be used for phishing, illicit redirects, or other malicious content delivery. Chromium rates the severity of this flaw as Medium.

Affected Systems

Google Chrome versions earlier than 150.0.7871.47 are susceptible. The issue is limited to the Chrome desktop client; no specific platform distinctions are mentioned.

Risk and Exploitability

The flaw requires the victim to open a specially crafted HTML page, which could be delivered over the web, email, or local file. Because the EPSS score is not available and the vulnerability is not listed in KEV, the known exploitation probability appears low, though the medium severity rating signals a nontrivial risk. Attackers could exploit this by creating malicious sites or embedding the exploit in phishing emails, leveraging the browser’s policy bypass to trick users into visiting otherwise blocked URLs.

Generated by OpenCVE AI on July 1, 2026 at 00:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or newer, which contains the Glic policy enforcement fix.
  • Confirm that navigation restrictions are enforced by reviewing Chrome's site settings and ensuring no policy overrides are in place.
  • If an immediate update is infeasible, block access to known malicious URLs or use a proxy to filter out untrusted navigation until the update is applied.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 01:15:00 +0000

Type | Values Removed | Values Added
Title | - | Bypass of Navigation Restrictions via Glic Policy Enforcement Flaw in Google Chrome
Weaknesses | - | CWE-284

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | - | Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:12.946Z

Reserved: 2026-06-29T23:03:44.725Z

Link: CVE-2026-13896

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T01:00:14Z

Weaknesses