cve-2026-8004

About this tag
CVE-2026-8004 is a low-severity Chromium DevTools policy-enforcement flaw disclosed on May 6, 2026, affecting Google Chrome before version 148.0.7778.96. The vulnerability can allow a malicious Chrome extension to leak cross-origin data after convincing a user to install it. It is not a drive-by browser exploit but rather a quiet weakness at the seam between developer tooling, extension permissions, and the same-origin security model. Discussions on WindowsForum cover the bug's mechanics, its limited severity, and implications for enterprise defenders who may underestimate such flaws. The tag also addresses CPE assignment questions and the broader context of browser security updates.
  1. CVE-2026-8004 Chrome DevTools Bug: Patch Chrome 148 and Govern Extensions

    Google Chrome before 148.0.7778.96 contains CVE-2026-8004, a low-severity Chromium DevTools policy-enforcement flaw disclosed on May 6, 2026, that can let a malicious Chrome extension leak cross-origin data after convincing a user to install it. The bug is not a drive-by browser apocalypse, and...