Description
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Severity (CVSS)
| Base score | 4.7 |
|---|---|
| Severity | Medium |
| Version | CVSS 3.1 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N |
| Provided by | CISA-ADP |
Weaknesses
- — Inappropriate implementation
- CWE-346 — CWE-346 Origin Validation Error
Affected products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | 149.0.7827.197 to <149.0.7827.197 |
References
Generated from the official CVE List on 25 Jun 2026 10:14 UTC.