cve 2026-8010

CVE-2026-8010 is a SiteIsolation input-validation flaw in Chrome versions before 148.0.7778.96, disclosed by Google and Microsoft on May 6, 2026. The vulnerability allows an attacker who has already compromised the renderer to bypass browser isolation using crafted HTML. While Chromium rates it as low severity, CISA's ADP scoring assigns a medium rating, reflecting its value in exploit chains. The bug was fixed in Chrome 148 for the desktop stable channel. Discussions on WindowsForum highlight that this is not a standalone panic-inducing vulnerability but one that rewards defenders who understand how modern browser exploits are assembled.