Description
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An inappropriate implementation in the CSS handling of Google Chrome prior to version 150.0.7871.47 allows a maliciously crafted web page to cause the browser to expose data that originates from a different origin. This flaw undermines the confidentiality of cross‑origin content and is classified by Chromium as low severity.

Affected Systems

Google Chrome desktop browsers older than 150.0.7871.47 are affected. No other variants are mentioned.

Risk and Exploitability

The CVSS score is not publicly disclosed, EPSS is unavailable, and the vulnerability is not listed in CISA KEV. The attack vector is inferred to be a remote web‑page that a victim must visit; therefore, successful exploitation requires user interaction and there are no known public exploits at the time of this record.

Generated by OpenCVE AI on July 1, 2026 at 06:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or later
  • Ensure Chrome’s automatic updates are enabled so new releases are applied promptly
  • Configure a Content Security Policy that restricts the origin of CSS and other external resources to mitigate the impact of potential cross‑origin leaks

Generated by OpenCVE AI on July 1, 2026 at 06:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 07:15:00 +0000

Type Values Removed Values Added
Title Cross‑Origin Data Leakage via CSS Handling in Google Chrome
Weaknesses CWE-200

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:26.368Z

Reserved: 2026-06-29T23:11:41.759Z

Link: CVE-2026-14098

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T07:00:11Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor