Description
Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Google Chrome versions prior to 150.0.7871.47 contain insufficient data validation in the NetworkCache component, which is responsible for handling cached network responses. The flaw allows a remote attacker to construct a crafted HTML page that, when loaded by a user, can read or leak data that originated from a different website. The primary impact is a confidentiality breach; the vulnerability does not provide arbitrary code execution or broader system compromise.

Affected Systems

All Google Chrome desktop installations running a version older than 150.0.7871.47 are affected. The vulnerability exists specifically in the network cache handling of data fetched from other origins.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA KEV, suggesting no known large-scale exploitation. The attack vector is inferred to be a malicious or compromised web page that serves the crafted HTML to a user. An attacker who can serve such a page can potentially steal cross-origin data through the vulnerable NetworkCache. Given the low Chromium severity and lack of exploitation evidence, the immediate risk to the general user base is low, yet the confidentiality impact warrants prompt remediation.

Generated by OpenCVE AI on July 1, 2026 at 06:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Google Chrome version 150.0.7871.47 or newer through the official update channel.
  • Enable automatic updates in Chrome settings to receive future patches automatically.
  • After updating, clear the browser cache to remove any potentially compromised cached data.

Generated by OpenCVE AI on July 1, 2026 at 06:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 07:15:00 +0000

Type Values Removed Values Added
Title Cross-Origin Data Leakage via Insufficient NetworkCache Validation in Chrome
Weaknesses CWE-200
CWE-79

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:27.097Z

Reserved: 2026-06-29T23:11:42.158Z

Link: CVE-2026-14100

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T07:00:11Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')