Cross-Site Scripting Vulnerability in Google Chrome
CVE-2026-15128

Currently unrated

Key Information:

Vendor

Google

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-15128?

A vulnerability exists in Google Chrome that permits remote attackers to execute arbitrary scripts or HTML code (UXSS) through specially crafted HTML pages. This flaw occurs due to inappropriate implementation in the browser's Forms functionality prior to version 150.0.7871.115, potentially compromising the security of users by allowing unauthorized actions and data exposure.

Affected Version(s)

Chrome 150.0.7871.115

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.