Skip to main content

Google Chrome Android CVE-2026-13868

| EUVDEUVD-2026-40554 MEDIUM
Origin Validation Error (CWE-346)
2026-06-30 chrome-cve-admin@google.com GHSA-525c-544m-43xw
6.5
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
vuln.today AI
6.1 MEDIUM

AC:H reflects the mandatory prior renderer compromise; S:C reflects site isolation bypass crossing security domain boundaries between origins.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 15:40 vuln.today
CVSS changed
Jul 01, 2026 - 15:22 NVD
6.5 (MEDIUM)
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 30, 2026 - 23:17 cve.org
MEDIUM 6.5

DescriptionCVE.org

Inappropriate implementation in Network in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

AnalysisAI

Site isolation bypass in Google Chrome on Android prior to 150.0.7871.47 enables a remote attacker - who has already achieved renderer process compromise via a separate exploit - to break cross-origin security boundaries using a crafted HTML page. The root cause is CWE-346 (Origin Validation Error) in Chrome's Android-specific network implementation, meaning the network layer fails to enforce origin checks when requests originate from a compromised renderer context. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Exploit separate Chrome Android renderer vulnerability
Delivery
Gain code execution within renderer sandbox
Exploit
Serve crafted HTML page to victim
Execution
Trigger origin validation error in Android network layer
Persist
Bypass site isolation boundaries
Impact
Perform unauthorized cross-origin integrity impact

Vulnerability AssessmentAI

Exploitation Exploitation requires two sequential conditions: (1) the attacker must have already achieved code execution within the Chrome renderer process on Android via a separate, independent vulnerability - this is a hard prerequisite explicitly stated in the CVE description and is not fulfilled by this CVE alone; (2) the victim must visit or be redirected to a crafted HTML page (UI:R), triggering the network implementation flaw from within the compromised renderer context. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The official CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, score 6.5) materially understates attack complexity: it assigns AC:L despite the description explicitly requiring a prior renderer process compromise, which is a significant prerequisite not reflected in the score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker first exploits a separate renderer process vulnerability (e.g., a V8 JavaScript engine bug) to gain code execution inside Chrome's renderer sandbox on an Android device. They then navigate the victim to a crafted HTML page that triggers the Android-specific network implementation flaw, breaking site isolation to perform unauthorized cross-origin actions - such as issuing requests or navigating frames to restricted origins - impacting integrity of cross-origin content. …
Remediation Update Google Chrome on Android to version 150.0.7871.47 or later - this is the vendor-confirmed fixed release per the Chrome stable channel advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-13868 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy