Description
Insufficient validation of untrusted input in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a failure to properly validate untrusted input in the PageInfo component of Google Chrome. An attacker who has already compromised the renderer process can deliver a crafted HTML page that overrides browser-enforced navigation restrictions, allowing unauthorized redirects or other unintended navigation behavior. This flaw, rooted in CWE-20, could be leveraged to facilitate phishing or to trick users into visiting malicious sites without their consent, potentially exposing sensitive information or enabling further attacks.

Affected Systems

The affected product is Google Chrome prior to version 150.0.7871.47. Users running older Chrome builds are susceptible, while newer releases include protection against this input validation defect.

Risk and Exploitability

The EPSS score is not available and the flaw is not listed in the CISA KEV catalog, indicating a lower exploitation prevalence at this time. Chromium rates the vulnerability as low severity. Exploitation requires the attacker to first gain control of the renderer process, which typically arises from a separate vulnerability or social‑engineered compromise. Once renderer control is achieved, the attacker can bypass navigation restrictions, potentially redirecting the user to malicious content. The risk is moderate in the context of an already compromised renderer, but the broader likelihood of exploitation remains low given the high barrier to initial compromise.

Generated by OpenCVE AI on July 1, 2026 at 07:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the latest Chrome stable release (≥150.0.7871.47) to remove the input validation flaw.
  • If upgrading immediately is not possible, enforce Chrome site isolation or other renderer process isolation features to reduce the impact of a compromised renderer.
  • Monitor browser logs for unexpected navigation events or renderer-process anomalies and restrict or quarantine sites exhibiting suspicious behavior.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 07:30:00 +0000

Type Values Removed Values Added
Title Renderer Process Input Validation Bypass Allowing Navigation Restriction Circumvention

Wed, 01 Jul 2026 02:15:00 +0000

Type Values Removed Values Added
Title Renderer Process Input Validation Bypass Allowing Navigation Restriction Circumvention

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient validation of untrusted input in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Weaknesses CWE-20
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:14.524Z

Reserved: 2026-06-29T23:11:35.066Z

Link: CVE-2026-14065

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T07:15:03Z

Weaknesses
  • CWE-20: Improper Input Validation