CVE Catalog

CVE-2026-14033

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile — higher than 8% of all known CVEs

Summary

Insufficient policy enforcement in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to bypass site isolation via a crafted HTML page. The vulnerability has a low severity rating according to Chromium.

Risk Assessment

An attacker could bypass site isolation, potentially gaining access to data from other domains, increasing the risk of information leakage within the organization.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later on all Windows systems in the organization.

Original NVD description (English source)

Insufficient policy enforcement in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS