Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
Site isolation bypass implies scope change (S:C); renderer-already-compromised prerequisite justifies AC:H; confidentiality of cross-origin data is high; no integrity or availability impact from navigation bypass alone.
Primary rating from Vendor (Chrome).
CVSS VectorVendor: Chrome
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Site isolation bypass in Google Chrome's Navigation component allows an attacker who has already compromised the renderer process to escape Chrome's cross-origin containment boundary via a crafted HTML page, affecting all Chrome versions prior to 149.0.7827.197. The vulnerability stems from insufficient input validation (CWE-20) in the Navigation subsystem, which fails to properly enforce site isolation when navigations are initiated from a compromised renderer. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two sequential conditions to be satisfied: (1) the attacker must have already compromised the Chrome renderer process via a separate, unrelated vulnerability - this is an explicit prerequisite stated in the CVE description and is a significant barrier not reflected in the CVSS PR:N metric, which only reflects that no privileges are needed in the vulnerable Navigation component itself; (2) the user must visit a crafted HTML page that triggers the malicious navigation (UI:R). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD-assigned CVSS 3.1 score of 4.2 (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L) appears to understate the real-world severity of a site isolation bypass, which by definition involves escaping a security scope boundary - more consistent with S:C rather than S:U. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker first exploits a separate renderer-level vulnerability in Chrome (e.g., a V8 or Blink memory corruption bug) to gain code execution within the sandboxed renderer process. From that position, they serve a crafted HTML page containing malicious navigation inputs to trigger the insufficient validation flaw in Chrome's Navigation component, escaping site isolation and gaining the ability to read sensitive data belonging to other origins such as authenticated session cookies or page content from a banking or SSO site open in another tab. … |
| Remediation | Update Google Chrome to stable channel version 149.0.7827.197 or later, as documented in the Chrome Releases advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Authentication Bypass
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39039
GHSA-32q7-rqp9-688w