CVE-2026-14033
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
Insufficient policy enforcement in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to bypass site isolation via a crafted HTML page. The vulnerability has a low severity rating according to Chromium.
Risk Assessment
An attacker could bypass site isolation, potentially gaining access to data from other domains, increasing the risk of information leakage within the organization.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later on all Windows systems in the organization.
Original NVD description (English source)
Insufficient policy enforcement in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

