Description
Inappropriate implementation in Sharing in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an inappropriate implementation in Chrome’s sharing feature on Android. A crafted HTML page can exploit a renderer process that has already been compromised, allowing the attacker to read data that belongs to a different origin. This results in the leakage of confidential information across web site boundaries without granting the attacker arbitrary code execution. The weakness aligns with Information Exposure (CWE‑200).

Affected Systems

Google Chrome for Android, versions prior to 150.0.7871.47.

Risk and Exploitability

The CVSS score is not listed but the description rates Chromium security severity as Medium. EPSS is unavailable, and the vulnerability is not in the CISA KEV catalog. Exploitation requires control over the renderer process. Because the renderer can be compromised by malicious web content, the potential for cross‑origin data leaks exists as long as users visit untrusted pages. The risk is moderate to high for environments where sensitive data is displayed through Chrome’s sharing feature.

Generated by OpenCVE AI on July 1, 2026 at 01:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Chrome version 150.0.7871.47 or later, which includes the security fix.
  • Enable automatic updates to ensure timely receipt of future patches.
  • Disable or limit the sharing feature for pages that handle sensitive data until the vulnerability is mitigated.

Generated by OpenCVE AI on July 1, 2026 at 01:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 01:45:00 +0000

Type Values Removed Values Added
Title Cross‑Origin Data Leak via Crafted Page in Android Chrome Renderer
Weaknesses CWE-200

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in Sharing in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:26.191Z

Reserved: 2026-06-29T23:03:55.405Z

Link: CVE-2026-13932

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T01:30:17Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor