Description
Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Policy enforcement in Google Chrome's Network component was insufficient in versions before 150.0.7871.47, permitting a remote attacker to bypass the browser's content security policy (CSP). An attacker can craft an HTML page that, when opened in Chrome, circumvents the CSP restrictions the browser would normally enforce. This can lead to the execution of injected scripts or other content that the policy would have blocked, potentially compromising user data or enabling further attacks within the victim's browser context.

Affected Systems

The flaw is present in Google Chrome for desktop operating systems running versions prior to 150.0.7871.47. End‑users of any Chrome installation before this version are susceptible until an update is applied.

Risk and Exploitability

The vulnerability can be exploited remotely by a malicious web page that a user visits. No specific exploit code has been released, the EPSS score is currently unavailable, and the issue is not listed in the CISA KEV catalog. Nevertheless, the attack path is straightforward (a user loads a crafted page), and the lack of policy enforcement opens the door to execution of injected scripts that the policy would otherwise block. No CVSS score has been assigned and Chromium rates the severity as Low, but the potential impact on confidentiality, integrity, or availability warrants prompt remediation.

Generated by OpenCVE AI on July 1, 2026 at 01:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Chrome version 150.0.7871.47 or later, which includes the fix for issue 511815165.
  • Configure Chrome to receive automatic updates so that future patches are applied without user intervention.
  • If an update cannot be applied immediately, avoid visiting untrusted web content or consider using a browser with stricter policy enforcement, and monitor Google’s release notes for additional security changes.


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:15:00 +0000

Type | Values Removed | Values Added
Title | | Chrome Network Policy Bypass Allows CSP Bypass via Crafted Page
Weaknesses | | CWE-270, CWE-285

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:18.427Z

Reserved: 2026-06-29T23:11:37.265Z

Link: CVE-2026-14076

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T02:00:07Z

Weaknesses
  • CWE-270: Privilege Context Switching Error
  • CWE-285: Improper Authorization