Description
Insufficient validation of untrusted input in SanitizerAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is insufficient validation of untrusted input in the SanitizerAPI in Google Chrome. A remote attacker can craft an HTML page that bypasses the browser's same-origin policy, enabling the attacker to read or modify data from web pages belonging to other origins. This improper input validation could lead to unauthorized information disclosure and the execution of malicious scripts.

Affected Systems

Google Chrome versions older than 150.0.7871.47 on all supported platforms are affected. Any user running a vulnerable version may be exposed to the risk.

Risk and Exploitability

The CVSS score is not provided, but the browser’s security team rates the issue as medium severity. The EPSS score is not available, and the vulnerability is not yet listed in CISA’s KEV catalog. Because the flaw can be triggered by any webpage served by an attacker, the risk is moderate. Exploitation requires only that the victim visit a malicious page; no additional credentials or elevated permissions are needed.

Generated by OpenCVE AI on July 1, 2026 at 02:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or newer.
  • Enable automatic updates for Chrome across all user devices.
  • Validate and sanitize user-supplied input in web applications that use the browser's SanitizerAPI to prevent cross-origin policy bypass.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:30:00 +0000

Type | Values Removed | Values Added
Title | | Remote Same-Origin Policy Bypass via SanitizerAPI in Chrome

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Insufficient validation of untrusted input in SanitizerAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses | | CWE-20
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:59.799Z

Reserved: 2026-06-29T23:04:20.661Z

Link: CVE-2026-14023

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T02:15:07Z

Weaknesses
  • CWE-20: Improper Input Validation