What is the CVSS score of CVE-2026-8545?

CVE-2026-8545 has a CVSS 3.1 base score of 3.1 (Low). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-8545?

Yes, a patch is available for CVE-2026-8545. Update the affected software to the latest version immediately.

Google Chrome CVE-2026-8545

EUVD-2026-30457 LOW

Improper Access Control (CWE-284)

2026-05-14 Chrome

GHSA-6637-whm9-6p45

Authentication Bypass Google

3.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

May 15, 2026 - 15:24 vuln.today

CVSS changed

May 15, 2026 - 15:22 NVD

3.1 (None) 3.1 (LOW)

CVE Published

May 14, 2026 - 19:52 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.168 occurs when an attacker who has already compromised the renderer process exploits an object corruption flaw in the Compositing component. The vulnerability requires user interaction with a malicious HTML page and high attack complexity to leak sensitive cross-origin data. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

CVE-2026-8842 MEDIUM This Month

6.4 May 27

Stored Cross-Site Scripting in the Google+ Link Name WordPress plugin (versions up to and including 1.0) allows authenti

CVE-2025-68712 MEDIUM This Month

5.5 May 27

Authentication bypass in SpSoft AppLock 7.9.40 for Android allows a local attacker with physical device access to circum

CVE-2026-7552 MEDIUM This Month

5.3 May 28

Authorization bypass in the Geo Mashup WordPress plugin (all versions ≤ 1.13.19) exposes sensitive plugin configuration

CVE-2025-68709 MEDIUM This Month

5.2 May 26

Arbitrary JavaScript execution in SailingLab AppLock 4.3.8 for Android is triggered by a malicious co-installed app send

CVE-2026-8545 vulnerability details – vuln.today

Back

Google Chrome CVE-2026-8545

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code