cross-origin data leak

CVE-2026-11691 is a high-severity Chromium vulnerability disclosed in June 2026 in Google Chrome’s New Tab Page, fixed before version 149.0.7827.103, that could let an attacker who had already compromised the renderer leak cross-origin data through a crafted HTML page. The awkward phrasing...

CVE-2026-11007 is a medium-severity Chrome for Android WebView vulnerability, published June 4, 2026 and modified June 8, that affected versions before 149.0.7827.53 and could let a remote attacker leak cross-origin data after compromising the renderer process. The uncomfortable part is not the...

CVE-2026-11145 is a medium-severity Chrome for Android vulnerability, published by NVD on June 4, 2026 and last modified on June 8, that affects Google Chrome before version 149.0.7827.53 and can allow cross-origin data leakage through a crafted HTML page. The bug is not the sort of...

Google disclosed CVE-2026-7942 on May 6, 2026, as a medium-severity integer overflow in ANGLE affecting Chrome before version 148.0.7778.96, allowing a remote attacker to leak cross-origin data through a crafted HTML page. The bug is not the kind of headline-grabbing browser flaw that screams...

CVE-2026-8011 is a low-severity Chromium vulnerability disclosed on May 6, 2026, affecting Google Chrome before version 148.0.7778.96, where insufficient policy enforcement in Search could let a remote attacker leak cross-origin data through a crafted HTML page. The bug is not the sort of...

The Background Fetch API in Chromium-based browsers has been a focal point for security vulnerabilities, with multiple instances of inappropriate implementations leading to cross-origin data leaks. The most recent of these is identified as CVE-2025-5064, which underscores the ongoing challenges...