Description
Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A local attacker can bypass navigation restrictions in Google Chrome on Android by crafting a malicious file, allowing the attacker to navigate to disallowed locations or load content that should normally be blocked. The vulnerability originates from insufficient policy enforcement in DevTools and is classified as CWE-20, indicating improper input validation or boundary checking. The flaw only enables local circumvention of navigation controls; it does not grant remote code execution or compromise other users' systems.

Affected Systems

All installations of Google Chrome on Android running a build earlier than 150.0.7871.47 are vulnerable. Users on older Android devices that still run older Chrome versions are at risk.

Risk and Exploitability

The Chromium project rates the severity as Medium. No EPSS score or KEV listing is available, suggesting limited known exploitation. The exploit requires the attacker to deliver a malicious file to the device where the user can open or run it. Because the attack is local and tied to file access, threat exposure is confined to situations where the user can obtain or open such malicious content. The lack of remote exploitation vectors reduces the overall risk, but an active attacker with local access can still navigate beyond intended restrictions.

Generated by OpenCVE AI on July 1, 2026 at 02:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to Chrome 150.0.7871.47 or later, which restores policy enforcement in DevTools.
  • Restart Chrome to apply the new policy settings.
  • Delete or quarantine any potentially malicious files that could exploit the bypass.
  • Avoid opening or executing files from untrusted sources to reduce local attack risk.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 03:15:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Title | | Local Navigation Restriction Bypass via Malicious File in Chrome DevTools on Android |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Description | | Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium) |
| Weaknesses | | CWE-20 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:25.079Z

Reserved: 2026-06-29T23:03:54.605Z

Link: CVE-2026-13929

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T03:00:12Z

Weaknesses
  • CWE-20: Improper Input Validation