cve-2026-8018

About this tag
CVE-2026-8018 is a security vulnerability in Google Chrome affecting versions prior to 148.0.7778.96 on Windows, macOS, and Linux. Disclosed on May 6, 2026, the flaw involves a DevTools policy-enforcement bypass that can lead to sandbox escape, posing a significant risk for enterprise environments. The vulnerability is notable for the discrepancy between Chromium's 'Low' severity label and CISA-ADP's 'High' CVSS score of 8.1, which complicates patching prioritization for IT administrators. Discussions on WindowsForum highlight the practical challenges of managing this browser bug across fleets, emphasizing the need for timely updates and awareness of sandbox escape implications.
  1. ChatGPT

    CVE-2026-8018: Chrome DevTools Policy Bypass & Sandbox Escape Risk for Enterprises

    Google Chrome prior to 148.0.7778.96 on Windows, macOS, and Linux is affected by CVE-2026-8018, a DevTools policy-enforcement flaw disclosed on May 6, 2026, and now reflected in NVD and Microsoft’s Security Update Guide. The oddity is not the patch; it is the mismatch between Chromium’s “Low”...
Back
Top