Description
Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Published: 2026-07-08
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient policy enforcement in the navigation handling component of Google Chrome allowed a malicious actor to craft an HTML page that, when loaded, bypasses the browser’s site isolation protection. This failure undermines the isolation boundaries that normally keep separate web origins from interacting, potentially enabling a user to access sensitive information or execute operations in a context that should be segregated. The underlying weakness reflects a lack of proper policy validation and enforcement, which can lead to confidentiality and integrity exposures in the browser environment.

Affected Systems

All installations of Google Chrome prior to version 150.0.7871.115 are affected. No additional vendor or product variants are listed.

Risk and Exploitability

The vulnerability carries a high severity rating within the Chromium security model and can be exploited remotely via a specially crafted HTML page served over the network. The attack does not require elevated privileges or local access; it relies solely on the victim’s browser rendering a malicious page. EPSS data is not available and the CVE is not listed in the CISA KEV catalog, indicating no publicly known exploit at the time of analysis. However, the potential impact remains significant due to the fundamental nature of site isolation in protecting multiple web contents from one another.

Generated by OpenCVE AI on July 9, 2026 at 03:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Google Chrome update (150.0.7871.115 or newer) to receive the corrected navigation policy enforcement logic.
  • Confirm that site isolation features are enabled in Chrome; adjust browser policies or settings if they have been disabled.
  • Restart all Chrome processes to ensure the new policy is fully applied and the isolation boundaries are restored.

Generated by OpenCVE AI on July 9, 2026 at 03:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 04:00:00 +0000

Type Values Removed Values Added
Title Navigation Policy Enforcement Failure Enabling Site Isolation Bypass in Chrome
Weaknesses CWE-264
CWE-287

Thu, 09 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 08 Jul 2026 23:00:00 +0000

Type Values Removed Values Added
Description Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-08T22:36:05.902Z

Reserved: 2026-07-08T17:07:44.491Z

Link: CVE-2026-15130

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T03:45:03Z

Weaknesses