Description
Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A weakness in the input validation logic within Chrome’s Network component allows a remote attacker who has already compromised the renderer process to serve a specially crafted HTML page that overrides the browser’s navigation restrictions. This flaw does not provide direct code execution or compromise of the operating system, but it can redirect the user to unintended URLs or cause the browser to load content it was not supposed to allow.

Affected Systems

Versions of Google Chrome earlier than 150.0.7871.47 on any platform that includes the affected Network component are vulnerable. The flaw exists in all releases that deploy the Network stack prior to that patch, regardless of operating system or architecture.

Risk and Exploitability

Chromium rates the issue as Medium severity; no CVSS score is provided in the data. An EPSS score is not available, so the likelihood of exploitation in the wild has not been quantified. The flaw is not listed in the CISA KEV catalog. Exploitation requires the attacker to have first compromised the renderer process, so the overall risk is constrained to scenarios where that initial compromise has already occurred. If such a foothold is achieved, the attacker can redirect users to malicious sites or load unwanted content via the navigation-bypass path.

Generated by OpenCVE AI on July 1, 2026 at 02:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 150.0.7871.47 or later
  • Enable automatic updates so that future security fixes are applied without intervention
  • For managed deployments, enforce enterprise policies that restrict navigation to approved URLs to limit the effect of potential input‑validation weaknesses

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 03:15:00 +0000

Type | Values Removed | Values Added
Title | | Insufficient Validation in Chrome Network Allows Navigation Bypass after Renderer Compromise

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses | | CWE-20
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:23.993Z

Reserved: 2026-06-29T23:03:53.859Z

Link: CVE-2026-13926

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T03:00:12Z

Weaknesses
  • CWE-20: Improper Input Validation