Insufficient Policy Enforcement in Google Chrome
CVE-2026-14156
Currently unrated
What is CVE-2026-14156?
A vulnerability in Google Chrome's StorageAccessAPI prior to version 150.0.7871.47 allows remote attackers to exploit insufficient policy enforcement. By compromising the renderer process, attackers can bypass the same origin policy using a specially crafted HTML page, which can lead to unauthorized access to sensitive data or functionalities within the browser. This highlights the importance of updating to the latest version to mitigate such security risks.
Affected Version(s)
Chrome 150.0.7871.47