CVE Catalog
CVE-2026-14004
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.30%
22th percentile — higher than 22% of all known CVEs
Summary
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Risk Assessment
An attacker can exfiltrate sensitive data from other origins, potentially leading to privacy breaches and leakage of business information.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later.
Original NVD description (English source)
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

