CVE-2026-14116
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page.
Risk Assessment
The risk involves potential cross-origin data leakage, which could expose sensitive user information such as session data or content from other origins.
Recommendation
It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

