CVE-2026-14050
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability has a low severity rating according to Chromium.
Risk Assessment
An attacker could exploit this flaw to steal sensitive credentials or other information stored in the password manager, potentially leading to account compromise.
Recommendation
Update Google Chrome to version 150.0.7871.47 or later immediately to remediate this vulnerability.
Original NVD description (English source)
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

