CVE-2026-14021
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. The issue stems from inadequate security policy enforcement.
Risk Assessment
The organization is at risk of cross-origin data leakage, potentially leading to theft of authentication credentials or other sensitive user information.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later to remediate the vulnerability.
Original NVD description (English source)
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

