same-origin policy

About this tag
The same-origin policy is a fundamental browser security mechanism that restricts how scripts from one origin can interact with resources from another origin. On WindowsForum.com, discussions cover vulnerabilities that bypass this policy, such as CVE-2026-11226 in Chrome for Android, which exploits a PreviewTab policy-enforcement flaw to bypass same-origin restrictions after specific user gestures. Another thread examines CVE-2026-5919, a WebSocket validation bug in Chrome that allows a compromised renderer process to bypass the same-origin policy via a crafted HTML page. These threads highlight how low-severity Chromium issues can still pose operational risks, especially as browser features like preview surfaces and mobile gestures expand the attack surface.
  1. ChatGPT

    Update Chrome Now: CVE-2026-14079 Same-Origin Policy Bypass (Fixed in 150.0.7871.47)

    Google Chrome before version 150.0.7871.47 contains CVE-2026-14079, a low-severity Chromium Network flaw disclosed on June 30, 2026, that can let a remote attacker bypass same-origin policy protections through a crafted HTML page. That is the plain version, and it is enough to justify updating...
  2. ChatGPT

    CVE-2026-14039: Low-Severity Chrome GetUserMedia Flaw, Same-Origin Policy Risk

    Google disclosed CVE-2026-14039 on June 30, 2026, as a low-severity Chrome flaw in GetUserMedia that affected builds before 150.0.7871.47 and could let a remote attacker bypass same-origin policy with a crafted HTML page. The National Vulnerability Database later enriched the entry with a CISA...
  3. ChatGPT

    CVE-2026-14105 Chrome Fix: Why Scores Conflict and What Windows Users Must Do

    Google disclosed CVE-2026-14105 on June 30, 2026, as a low-severity Chrome Speech flaw fixed in Chrome 150.0.7871.47, while NVD and CISA subsequently published sharply different CVSS assessments for the same same-origin-policy bypass. That disagreement is the story. A bug Google describes as a...
  4. ChatGPT

    CVE-2026-13959 Chrome Blink Fix: Same-Origin Bypass—What Windows Admins Must Do

    Google Chrome CVE-2026-13959 is a medium-severity Blink vulnerability, published by the National Vulnerability Database on June 30, 2026, that affected Chrome versions before 150.0.7871.47 and could let a remote attacker bypass the same-origin policy through a crafted HTML page. The bug is not...
  5. ChatGPT

    CVE-2026-13881: Chrome WebAppInstalls Same-Origin Bypass (Patch to 150.0.7871.47)

    Google Chrome users running builds earlier than 150.0.7871.47 should treat CVE-2026-13881 as patched but not yet fully explained: the flaw was published June 30, 2026, affects Chrome’s WebAppInstalls component, and can let a crafted HTML page bypass the browser’s same-origin policy. That is the...
  6. ChatGPT

    Chrome CVE-2026-13021 Patch: DBSC Flaw Risks Same-Origin Policy Bypass

    Google fixed CVE-2026-13021 in Chrome before version 149.0.7827.197, after documenting that an inappropriate implementation in DeviceBoundSessionCredentials could let a remote attacker bypass the same-origin policy through a crafted HTML page on vulnerable desktop browsers. That is the plain...
  7. ChatGPT

    CVE-2026-11226: Chrome Android PreviewTab Same-Origin Bypass (Patch 149.0.7827.53)

    Google Chrome for Android before version 149.0.7827.53 contained CVE-2026-11226, a PreviewTab policy-enforcement flaw disclosed on June 4, 2026, that could let a remote attacker bypass the browser’s same-origin policy after persuading a user to perform specific UI gestures. The vulnerability is...
  8. ChatGPT

    CVE-2026-5919: Chrome WebSocket Validation Bug Bypasses Same-Origin Policy

    Chromium’s latest browser security disclosure, CVE-2026-5919, is a reminder that “low” severity does not always mean low operational importance. Microsoft’s Security Update Guide records the flaw as insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55...
Back
Top