Description
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Google Chrome prior to 150.0.7871.47 an inappropriate implementation of password handling allowed a remote attacker to leak cross‑origin data through a crafted HTML page. The flaw violates the browser’s same‑origin policy and permits confidential data from a user’s visited sites to be read by an attacker’s web page, compromising information confidentiality.

Affected Systems

Google Chrome desktop installations below version 150.0.7871.47 are affected. Any user running the browser before the patch is vulnerable.

Risk and Exploitability

Chromium rates the severity as medium and there is no current EPSS score, indicating limited observed exploitation. The likely attack vector is a malicious web page that the user visits, which can then read data from other origins. While the vulnerability does not provide arbitrary code execution, it enables cross‑origin data exfiltration.

Generated by OpenCVE AI on July 1, 2026 at 02:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 150.0.7871.47 or newer on all affected devices.
  • Configure browser update policy to ensure the new version installs automatically across the organization.
  • Track future Chrome release notes for additional security patches or workarounds.

Generated by OpenCVE AI on July 1, 2026 at 02:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:30:00 +0000

Type Values Removed Values Added
Title Cross‑Origin Data Leak via Crafted HTML Page in Chrome
Weaknesses CWE-200

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:58.380Z

Reserved: 2026-06-29T23:04:19.700Z

Link: CVE-2026-14019

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T02:15:07Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor