Skip to main content

Google Chrome EUVDEUVD-2026-40526

| CVE-2026-13840 MEDIUM
Origin Validation Error (CWE-346)
2026-06-30 chrome-cve-admin@google.com GHSA-grwv-9fwx-5mmc
6.5
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Attack is network-delivered via a crafted page requiring one victim visit (UI:R, PR:N); impact is confidentiality-only with no integrity or availability consequence.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 16:29 vuln.today
CVSS changed
Jul 01, 2026 - 16:22 NVD
6.5 (MEDIUM)
CVE Published
Jun 30, 2026 - 23:16 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 30, 2026 - 23:16 cve.org
MEDIUM 6.5

DescriptionCVE.org

Insufficient policy enforcement in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Cross-origin data leakage in Google Chrome's Canvas component prior to version 150.0.7871.47 exposes sensitive cross-origin content to remote attackers via a crafted HTML page. The flaw bypasses Same-Origin Policy protections enforced at the Canvas API layer, enabling pixel-level or structured data extraction from cross-origin resources rendered in a canvas context. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Host crafted HTML page with Canvas exploit
Delivery
Lure victim via phishing or malicious redirect
Exploit
Victim browser renders cross-origin resource in canvas
Execution
Policy enforcement bypass allows canvas readback
Persist
Extract cross-origin pixel data via getImageData/toDataURL
Impact
Exfiltrate sensitive data to attacker server

Vulnerability AssessmentAI

Exploitation The victim must actively visit or be redirected to a crafted HTML page controlled by the attacker - user interaction is required (CVSS UI:R), meaning passive network interception is not sufficient. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS base score of 6.5 reflects a Medium-severity confidentiality-only flaw with no integrity or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a crafted HTML page containing JavaScript that draws a cross-origin image or resource into a Canvas element and exploits the policy enforcement gap to call getImageData() or toDataURL() to extract pixel data that would normally be blocked. A victim is socially engineered or redirected to this page - for example, via a phishing link or malicious advertisement - and upon page load, their browser silently leaks cross-origin content (such as authenticated profile images or rendered iframe content from a logged-in session) back to the attacker's server. …
Remediation The primary fix is upgrading Google Chrome to version 150.0.7871.47 or later, confirmed as the patched release via the Chrome Stable Channel Update advisory at http://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

EUVD-2026-40526 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy