You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 8013
About this tag
CVE-2026-8013 is a low-severity input-validation flaw in Chrome's Federated Credential Management (FedCM) feature, disclosed by Google on May 6, 2026. The vulnerability, fixed before Chrome 148.0.7778.96, could allow a remote attacker to leak cross-origin data via a crafted HTML page after user interaction. While the bug itself is minor, it highlights that browser identity plumbing is becoming security-critical infrastructure, especially for Windows and Edge users. The tag covers discussion of the patch, implications for cross-origin data leakage, and the broader context of FedCM as a replacement for third-party cookies in identity management.
Google disclosed CVE-2026-8013 on May 6, 2026, as a low-severity Chrome FedCM input-validation flaw fixed before version 148.0.7778.96, where a crafted HTML page could let a remote attacker leak cross-origin data after user interaction. That sounds like a small browser bug, and in isolation it...