Description
Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an input validation flaw in Google Chrome’s Network component. Untrusted input is processed without sufficient checks, allowing an attacker who has already compromised the renderer process to leak cross‑origin data via a crafted HTML page. Because the description does not mention code execution or privilege escalation, the flaw is inferred to be limited to data leakage.

Affected Systems

Google Chrome versions earlier than 150.0.7871.47 are affected. The issue was fixed in the stable‑channel update released in June 2026, so users who retain older releases are at risk of cross‑origin data leakage.

Risk and Exploitability

The CVE is classified as low‑severity by Chromium security reviewers. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, which is inferred to indicate that no widespread, publicly available exploits are known. The attacker must first compromise the renderer process, which limits the likelihood of successful exploitation in typical environments. A confidentiality impact is inferred because the flaw could expose data that should remain private, a risk that matters most in enterprise contexts.

Generated by OpenCVE AI on July 1, 2026 at 05:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or later to apply the network input‑validation fix.
  • Configure Chrome to run the renderer process with the most restrictive sandbox available, reducing potential damage from a compromised renderer.
  • Apply a content security policy that restricts cross‑origin resource sharing so that even if the renderer reads data, it cannot exfiltrate it to malicious domains.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 05:30:00 +0000

Type | Values Removed | Values Added
Title | | Chrome Network Component: Unvalidated Input Leads to Cross‑Origin Data Leakage

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Weaknesses | | CWE-20
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:07.332Z

Reserved: 2026-06-29T23:11:30.945Z

Link: CVE-2026-14045

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T05:15:04Z

Weaknesses
  • CWE-20: Improper Input Validation