CVE Catalog

CVE-2026-14092

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic.

Risk Assessment

The risk involves potential interception of sensitive data by an attacker on the local or intermediary network, which could lead to a breach of user information confidentiality.

Recommendation

It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later to mitigate this vulnerability.

Original NVD description (English source)

Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS