CVE-2026-14118
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to leak cross-origin data via a crafted HTML page.
Risk Assessment
The risk involves potential cross-origin data leakage, which could expose sensitive user information such as session tokens or personal data through manipulation of the DevTools interface.
Recommendation
It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

