Insufficient Policy Enforcement in Google Chrome
CVE-2026-14156

Currently unrated

Key Information:

Vendor

Google

Status
Vendor
CVE Published:
30 June 2026

What is CVE-2026-14156?

A vulnerability in Google Chrome's StorageAccessAPI prior to version 150.0.7871.47 allows remote attackers to exploit insufficient policy enforcement. By compromising the renderer process, attackers can bypass the same origin policy using a specially crafted HTML page, which can lead to unauthorized access to sensitive data or functionalities within the browser. This highlights the importance of updating to the latest version to mitigate such security risks.

Affected Version(s)

Chrome 150.0.7871.47

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.