CVE Catalog

CVE-2026-14050

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability has a low severity rating according to Chromium.

Risk Assessment

An attacker could exploit this flaw to steal sensitive credentials or other information stored in the password manager, potentially leading to account compromise.

Recommendation

Update Google Chrome to version 150.0.7871.47 or later immediately to remediate this vulnerability.

Original NVD description (English source)

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS