Description
Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient validation of untrusted input in the Network component of Google Chrome allows a remote attacker who has already compromised the renderer process to leak data across origin boundaries. The flaw is an input validation weakness (CWE-20) that can expose sensitive information from web pages the user is browsing to the attacker. It can be used to read cross-origin data that the same-origin policy would normally protect, potentially aiding further attacks such as credential theft or data exfiltration.

Affected Systems

The affected product is Google Chrome. Versions prior to 150.0.7871.47 are impacted; any build of Chrome with a revision lower than that release number is vulnerable. The issue is disclosed for the stable channel and affects desktop deployments of the browser.

Risk and Exploitability

Exploitation requires that the attacker has already compromised the renderer process, which is a sandboxed process in Chrome. No CVSS score is listed; Chromium rates the issue as Medium severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting that there is currently no known widespread exploitation in the wild. Nonetheless, because the flaw causes unauthorized data disclosure across origins, it represents a significant confidentiality risk. Organizations should treat it as a priority if their users run locally installed Chrome builds or visit untrusted web content.

Generated by OpenCVE AI on July 1, 2026 at 04:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or newer, which incorporates the input validation fix in the Network component
  • Ensure that automatic updates are enabled so the browser can receive the latest security patches without manual intervention
  • If an upgrade cannot be performed immediately, monitor network activity for anomalous cross‑origin requests and consider restricting the execution of untrusted renderer processes by configuring the browser environment or using sandboxing controls


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 04:30:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Title | | Chrome Network Validation Flaw Enables Cross‑Origin Data Leakage |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Description | | Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| Weaknesses | | CWE-20 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:59.441Z

Reserved: 2026-06-29T23:04:20.433Z

Link: CVE-2026-14022

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T04:15:16Z

Weaknesses
  • CWE-20: Improper Input Validation