Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
Insufficient policy enforcement in Chrome Extensions prior to version 148.0.7778.96 allows a remote attacker with a compromised renderer process to bypass discretionary access controls via a crafted HTML page, potentially leading to unauthorized information disclosure or modification. The vulnerability requires user interaction and a pre-existing renderer compromise, limiting its practical exploitation scope. A vendor-released patch is available in Chrome 148.0.7778.96 and later.
Technical ContextAI
This vulnerability stems from CWE-693 (Protection Mechanism Failure), specifically inadequate policy enforcement within Chrome's extension sandboxing architecture. Chrome Extensions operate within a restricted security context, and this flaw allows an attacker who has already gained code execution in the renderer process (the browser's HTML/JavaScript execution environment) to circumvent the discretionary access controls that normally isolate extension permissions and capabilities. The renderer process is typically compromised through a separate renderer vulnerability; this CVE exploits insufficient policy validation after that initial breach. The attack surface involves crafted HTML payloads that trigger the policy bypass when processed by a compromised renderer.
RemediationAI
Update Google Chrome to version 148.0.7778.96 or later immediately. Chrome's auto-update mechanism will deliver this patch automatically on most systems; users can manually check for updates by navigating to Chrome Menu → About Google Chrome, which will force a check and apply any pending updates. No workarounds for pre-patch versions are available, as the vulnerability is embedded in the extension policy enforcement layer. Administrators managing Chrome via enterprise policies should verify that Chrome auto-updates are enabled and monitor deployment to ensure all instances are updated within 24-48 hours of patch availability. The patch addresses the underlying policy enforcement gap; no configuration changes or feature disabling is necessary post-patch.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, a
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, do
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: MediumShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28007