
CVE-2026-14155 is a vulnerability involving insufficient policy enforcement in the StorageAccessAPI component of Google Chrome. It allows a remote attacker to leak cross-origin data via a crafted HTML page, effectively bypassing same-origin protections. All versions of Google Chrome prior to 150.0.7871.47 are affected. The vulnerability was published on June 30, 2026, and patched in Chrome 150.0.7871.47. Google has rated this as Low severity (Chromium security severity: Low), and the EPSS score is 0.0 (GitHub Advisory, Chrome Releases).
The root cause is insufficient policy enforcement in Chrome's StorageAccessAPI, which governs how cross-origin storage access is granted to embedded content. An attacker can craft a malicious HTML page that exploits this policy gap to read data from cross-origin contexts that should be protected by the browser's same-origin policy. No CWE classification has been formally assigned at this time. The vulnerability is tracked under Chromium issue 518246925, though access to the bug details may be restricted pending broad user update rollout (GitHub Advisory, Chrome Releases).
Successful exploitation allows an unauthenticated remote attacker to leak sensitive cross-origin data from a victim's browser session by luring them to a crafted HTML page. The primary impact is a confidentiality breach — data that should be isolated by the same-origin policy may be exposed to an attacker-controlled origin. Integrity and availability are not directly affected. The scope is limited to data accessible within the browser context, but could include session tokens, user data, or other sensitive information stored or accessible cross-origin (GitHub Advisory).
Google has patched this vulnerability in Chrome version 150.0.7871.47 (Windows/Mac) and 150.0.7871.46 (Linux), released on June 30, 2026. Users and administrators should update Google Chrome to version 150.0.7871.47 or later immediately. Organizations should enforce browser update policies to ensure automatic updates are not delayed or disabled by end users (Chrome Releases).
Source: This report was generated using AI