Description
Integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow in Chrome’s Safe Browsing component on macOS allows a remote attacker to bypass navigation restrictions by crafting a malicious file. The flaw can be exploited when the victim opens the file, causing the browser to treat it as a safe or allowed resource and navigate to a target URL or content that would normally be blocked.

Affected Systems

Google Chrome versions prior to 150.0.7871.47 running on macOS are affected. The issue is specific to the Safe Browsing subsystem that governs navigation restrictions. Users of older Chrome builds on Mac devices are therefore vulnerable until an update mitigates the overflow.

Risk and Exploitability

The CVE does not yet have an EPSS score and is not listed in the CISA KEV catalog, suggesting no known exploitation in the wild at this time. Chromium rates the severity of the flaw as Medium, indicating the potential for notable impact if a malicious file is delivered to an end user. The likely attack vector is a remote attacker delivering a crafted file to a target user, possibly via email, a compromised website, or other file-sharing channels. Without an explicit CVSS score, the exact technical risk remains uncertain, but an unchecked integer overflow that lets navigation restrictions be bypassed gives attackers a significant way to violate the browser's safety model.

Generated by OpenCVE AI on July 1, 2026 at 05:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later
  • Configure Chrome Enterprise policies to enforce safe browsing and block navigation to disallowed URLs
  • Use macOS quarantine or similar OS features to prevent opening of downloaded files until they are scanned


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 05:45:00 +0000

Type | Values Removed | Values Added
Title | | Integer Overflow in Chrome Safe Browsing Allows Navigation Restriction Bypass on Mac

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)
Weaknesses | | CWE-472
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:41.731Z

Reserved: 2026-06-29T23:04:05.753Z

Link: CVE-2026-13974

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T05:30:17Z

Weaknesses
  • CWE-472: External Control of Assumed-Immutable Web Parameter