Insufficient Policy Enforcement Vulnerability in Google Chrome
CVE-2026-15768

Currently unrated

Key Information:

Vendor

Google

Status
Vendor
CVE Published:
14 July 2026

What is CVE-2026-15768?

A vulnerability exists in earlier versions of Google Chrome that allows a remote attacker to circumvent the same origin policy by using a maliciously crafted HTML page. This insufficient policy enforcement in the HTML-in-Canvas feature could potentially expose users to various security risks, including data theft and unauthorized actions on the user's behalf.

Affected Version(s)

Chrome 150.0.7871.125

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.