Description
Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Google Chrome versions prior to 150.0.7871.47 contain insufficient policy enforcement in the Network component that enables a remote attacker to bypass navigation restrictions by serving a specially crafted HTML page. The flaw allows the attacker to redirect the browser to arbitrary URLs outside the intended navigation context, potentially exposing the user to phishing, malware, or other malicious content. The primary impact is an authorization bypass that removes the built‑in safeguards designed to control where the browser can navigate.

Affected Systems

The vulnerability affects Google Chrome on all platforms for which the Network stack is implemented, including Windows, macOS, Linux, Android, and iOS. The affected releases are all versions before 150.0.7871.47; any installation running a newer build is not impacted.

Risk and Exploitability

The CVE is rated as low severity in Chromium's internal assessment and no EPSS score is available, suggesting a relatively small likelihood of widespread exploitation at present. The vulnerability is not listed in CISA's KEV catalog. The attack vector is remote: an attacker only needs to host or serve the crafted HTML to a victim’s browser, which can be done via email, malicious websites, or compromised content. Exploitation requires no elevated privileges on the target system, but the impact can still be significant for the individual user.

Generated by OpenCVE AI on July 1, 2026 at 02:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or later
  • Enable Google Chrome's built‑in Safe Browsing feature to detect malicious navigation attempts
  • Configure enterprise policy to block or sandbox third‑party content that could be used to craft malicious navigation pages



Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:30:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Title | | Network Policy Bypass in Google Chrome Allows Remote Navigation Escape |
| Weaknesses | | CWE-284, CWE-285 |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Description | | Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) |
| References | | |


MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:10.559Z

Reserved: 2026-06-29T23:11:32.909Z

Link: CVE-2026-14054

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T02:15:07Z

Weaknesses