CVE-2026-14092
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic.
Risk Assessment
The risk involves potential interception of sensitive data by an attacker on the local or intermediary network, which could lead to a breach of user information confidentiality.
Recommendation
It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later to mitigate this vulnerability.
Original NVD description (English source)
Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. (Chromium security severity: Low)

