CVE-2026-14155
Chromium Vulnerability Analysis and Mitigation

Overview

CVE-2026-14155 is a vulnerability involving insufficient policy enforcement in the StorageAccessAPI component of Google Chrome. It allows a remote attacker to leak cross-origin data via a crafted HTML page, effectively bypassing same-origin protections. All versions of Google Chrome prior to 150.0.7871.47 are affected. The vulnerability was published on June 30, 2026, and patched in Chrome 150.0.7871.47. Google has rated this as Low severity (Chromium security severity: Low), and the EPSS score is 0.0 (GitHub Advisory, Chrome Releases).

Technical details

The root cause is insufficient policy enforcement in Chrome's StorageAccessAPI, which governs how cross-origin storage access is granted to embedded content. An attacker can craft a malicious HTML page that exploits this policy gap to read data from cross-origin contexts that should be protected by the browser's same-origin policy. No CWE classification has been formally assigned at this time. The vulnerability is tracked under Chromium issue 518246925, though access to the bug details may be restricted pending broad user update rollout (GitHub Advisory, Chrome Releases).

Impact

Successful exploitation allows an unauthenticated remote attacker to leak sensitive cross-origin data from a victim's browser session by luring them to a crafted HTML page. The primary impact is a confidentiality breach — data that should be isolated by the same-origin policy may be exposed to an attacker-controlled origin. Integrity and availability are not directly affected. The scope is limited to data accessible within the browser context, but could include session tokens, user data, or other sensitive information stored or accessible cross-origin (GitHub Advisory).

Mitigation and workarounds

Google has patched this vulnerability in Chrome version 150.0.7871.47 (Windows/Mac) and 150.0.7871.46 (Linux), released on June 30, 2026. Users and administrators should update Google Chrome to version 150.0.7871.47 or later immediately. Organizations should enforce browser update policies to ensure automatic updates are not delayed or disabled by end users (Chrome Releases).

Additional resources


This report was generated using AI.

Related Chromium vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2026-14156 | NONE | N/A | Chromium | chromium | No | No | Jun 30, 2026 |
| CVE-2026-14155 | NONE | N/A | Chromium | chromium | No | No | Jun 30, 2026 |
| CVE-2026-14154 | NONE | N/A | Chromium | chromium | No | No | Jun 30, 2026 |
| CVE-2026-14153 | NONE | N/A | Chromium | chromium | No | No | Jun 30, 2026 |
| CVE-2026-14152 | NONE | N/A | Chromium | chromium | No | No | Jun 30, 2026 |
