You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
site isolation bypass
About this tag
The site isolation bypass tag covers vulnerabilities in Chromium-based browsers that allow an attacker to circumvent Chrome's site isolation security feature, even after compromising the renderer process. Recent discussions focus on CVE-2026-7910 and CVE-2026-7959, both affecting Chrome 148 on Windows. These flaws highlight the complexity of browser security, where a bypass after renderer compromise can undermine the isolation between sites. For Windows IT administrators, the practical takeaway is to inventory browser build numbers and verify patches across all Chromium-derived browsers, as vulnerability databases may not fully capture the ecosystem. The tag emphasizes the need for proactive patching and understanding the limits of site isolation as a defense.
Google fixed CVE-2026-13806 in Chrome 150.0.7871.47 for Windows and Mac after disclosing that earlier builds allowed a remote attacker, already inside Chrome’s renderer process, to bypass site isolation through a crafted HTML page using insufficient input validation in Accessibility. The...
CVE-2026-7910 is a high-severity Chromium use-after-free flaw in the Views component, fixed in Google Chrome 148.0.7778.96/97 on May 5, 2026, and NVD’s current enrichment already includes the Google Chrome CPE, with Windows, Linux, and macOS modeled as underlying platforms. That means the...
Google and Microsoft disclosed CVE-2026-7959 on May 6, 2026, after Chrome 148 reached the stable desktop channel, fixing a medium-severity Chromium Navigation flaw that could let an attacker who had already compromised Chrome’s renderer bypass site isolation with a crafted HTML page. That...