Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AC:H because prior renderer compromise is required; S:C and C:H because site isolation bypass enables read access to cross-origin data, constituting a scope change.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Lifecycle Timeline
4DescriptionCVE.org
Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
Site isolation bypass in Google Chrome for Android (prior to 150.0.7871.47) allows a remote attacker who has already achieved renderer process compromise to cross origin boundaries using a crafted HTML page, enabling high-integrity impact against other open sites. The root cause is CWE-20 (Improper Input Validation) within Chrome's Input subsystem on Android - an input handling implementation flaw that fails to enforce cross-origin separation once the renderer is under adversary control. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Two sequential prerequisites must both be satisfied: (1) the attacker must have already compromised the Chrome renderer process on the target Android device, typically via a separate vulnerability such as a memory corruption bug in Chrome's rendering engine - this is the binding constraint and is not trivially achieved; (2) the victim must navigate to or load a crafted HTML page controlled by the attacker (CVSS UI:R). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) captures the network accessibility and high integrity impact but likely underrepresents complexity and scope. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker first exploits a separate renderer-level vulnerability in Chrome for Android - such as a memory corruption bug in the HTML parser or JavaScript engine - to gain code execution within the renderer process, then serves a crafted HTML page to the victim's Chrome instance. The malicious page triggers the improper input handling flaw to break Chrome's site isolation, allowing the attacker to read or tamper with data from other origins the user has open (e.g., a banking session or webmail). … |
| Remediation | Update Google Chrome for Android to version 150.0.7871.47 or later, which is the vendor-released patch per the Chrome stable channel advisory at http://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40552
GHSA-4wj6-h6wx-47r8