Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AV:N for remotely served page; UI:R for required victim interaction; I:L for navigation bypass only; no C or A impact; S:U as no scope change occurs.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Inappropriate implementation in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
AnalysisAI
WebXR implementation flaw in Google Chrome on Android prior to 150.0.7871.47 permits remote attackers to bypass navigation restrictions by delivering a crafted HTML page to a victim. The vulnerability is Android-specific and requires user interaction to trigger, constraining its reach. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation is limited to Google Chrome on Android - desktop Chrome and other browsers are not affected per the CVE description. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N scores 4.3 (Medium), reflecting a network-reachable, low-complexity attack requiring no privileges but mandating user interaction, with a limited integrity-only impact and no scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a crafted HTML page that invokes Chrome's WebXR API on Android in an unexpected way to trigger the improper access control path. When a victim on an unpatched Android device visits the page and interacts with it, the browser's navigation restrictions are bypassed, potentially allowing the attacker to redirect the browser to unintended origins or manipulate navigation state outside of permitted bounds. … |
| Remediation | Update Google Chrome on Android to version 150.0.7871.47 or later via the Google Play Store or Chrome's built-in update mechanism; this is the vendor-confirmed fix as documented in the stable channel update advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40721
GHSA-jwv3-663x-vrw4