Description
Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-07-08
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a flaw in Chrome’s navigation handling that allows a remote attacker to bypass the browser’s site isolation. By delivering a specially crafted HTML page, an attacker can force Chrome to load contents that should be isolated into separate processes, potentially exposing confidential data or allowing malicious code to interact with other sites in the same process. The weakness is of medium severity in Chromium’s assessment.

Affected Systems

Google Chrome browsers earlier than version 150.0.7871.115 are affected. The vulnerability applies to all platform builds of Chrome prior to this release.

Risk and Exploitability

The exploit requires the victim to visit a malicious webpage that serves the crafted HTML. No publicly disclosed exploits are known, and the VP is the typical remote <= web page. Because EPSS data is not available and the issue is not listed in KEV, the perceived risk is moderate, but site isolation bypass can lead to significant data leakage. Users on older Chrome versions are advised to apply the forthcoming patch as soon as it becomes available.

Generated by OpenCVE AI on July 9, 2026 at 03:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.115 or newer
  • Ensure Chrome is configured to receive automatic updates and confirm that site isolation remains enabled
  • If possible, access sensitive sites in Chrome’s incognito mode or use a browser with hardened isolation features

Generated by OpenCVE AI on July 9, 2026 at 03:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 04:00:00 +0000

Type Values Removed Values Added
Title Site Isolation Bypass via Navigation Handling in Chrome
Weaknesses CWE-264
CWE-284

Thu, 09 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 08 Jul 2026 23:00:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-08T22:36:06.523Z

Reserved: 2026-07-08T17:07:44.744Z

Link: CVE-2026-15131

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T03:45:03Z

Weaknesses