CVE Catalog
CVE-2026-14098
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.23%
14th percentile — higher than 14% of all known CVEs
Summary
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. The issue is rated as low severity.
Risk Assessment
An attacker could exploit this vulnerability to steal sensitive data from other origins, potentially compromising user data confidentiality.
Recommendation
It is recommended to update Google Chrome to version 150.0.7871.47 or later immediately.
Original NVD description (English source)
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

