You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
same-origin policy
About this tag
The same-origin policy is a fundamental browser security mechanism that restricts how scripts from one origin can interact with resources from another origin. On WindowsForum.com, discussions cover vulnerabilities that bypass this policy, such as CVE-2026-11226 in Chrome for Android, which exploits a PreviewTab policy-enforcement flaw to bypass same-origin restrictions after specific user gestures. Another thread examines CVE-2026-5919, a WebSocket validation bug in Chrome that allows a compromised renderer process to bypass the same-origin policy via a crafted HTML page. These threads highlight how low-severity Chromium issues can still pose operational risks, especially as browser features like preview surfaces and mobile gestures expand the attack surface.
Google Chrome before version 150.0.7871.47 contains CVE-2026-14079, a low-severity Chromium Network flaw disclosed on June 30, 2026, that can let a remote attacker bypass same-origin policy protections through a crafted HTML page. That is the plain version, and it is enough to justify updating...
Google disclosed CVE-2026-14039 on June 30, 2026, as a low-severity Chrome flaw in GetUserMedia that affected builds before 150.0.7871.47 and could let a remote attacker bypass same-origin policy with a crafted HTML page. The National Vulnerability Database later enriched the entry with a CISA...
Google disclosed CVE-2026-14105 on June 30, 2026, as a low-severity Chrome Speech flaw fixed in Chrome 150.0.7871.47, while NVD and CISA subsequently published sharply different CVSS assessments for the same same-origin-policy bypass. That disagreement is the story. A bug Google describes as a...
Google Chrome CVE-2026-13959 is a medium-severity Blink vulnerability, published by the National Vulnerability Database on June 30, 2026, that affected Chrome versions before 150.0.7871.47 and could let a remote attacker bypass the same-origin policy through a crafted HTML page. The bug is not...
Google Chrome users running builds earlier than 150.0.7871.47 should treat CVE-2026-13881 as patched but not yet fully explained: the flaw was published June 30, 2026, affects Chrome’s WebAppInstalls component, and can let a crafted HTML page bypass the browser’s same-origin policy. That is the...
Google fixed CVE-2026-13021 in Chrome before version 149.0.7827.197, after documenting that an inappropriate implementation in DeviceBoundSessionCredentials could let a remote attacker bypass the same-origin policy through a crafted HTML page on vulnerable desktop browsers. That is the plain...
Google Chrome for Android before version 149.0.7827.53 contained CVE-2026-11226, a PreviewTab policy-enforcement flaw disclosed on June 4, 2026, that could let a remote attacker bypass the browser’s same-origin policy after persuading a user to perform specific UI gestures. The vulnerability is...
Chromium’s latest browser security disclosure, CVE-2026-5919, is a reminder that “low” severity does not always mean low operational importance. Microsoft’s Security Update Guide records the flaw as insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55...