svg data leak

  1. Patch Chrome 150 Now: CVE-2026-13793 SVG Policy Flaw Cross-Origin Data Leak

    Google Chrome before version 150.0.7871.47 contains CVE-2026-13793, a high-severity Chromium SVG policy-enforcement flaw disclosed on June 30, 2026, that can let a remote attacker leak cross-origin data through a crafted HTML page. That is the plain answer, but it is not the full story. The more...