CVE Catalog

CVE-2026-14118

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to leak cross-origin data via a crafted HTML page.

Risk Assessment

The risk involves potential cross-origin data leakage, which could expose sensitive user information such as session tokens or personal data through manipulation of the DevTools interface.

Recommendation

It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS