Cross-Origin Data Leak via Malicious Extension in Google Chrome
CVE-2026-7351

Currently unrated

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 28 April 2026

What is CVE-2026-7351?

A race condition vulnerability in Google Chrome prior to version 147.0.7727.138 enables attackers to exploit crafted Chrome Extensions, leading to unauthorized cross-origin data leakage. Users may unknowingly install these malicious extensions, putting their sensitive information at risk. This vulnerability underscores the importance of maintaining updated browser versions and exercising caution when adding extensions.

Affected Version(s)

Chrome 147.0.7727.138

References

https://chromereleases.googleblog.com/2026/04/stable-chan...

https://issues.chromium.org/issues/499119490

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2026
Vulnerability Reserved
Apr 28, 2026

CVE-2026-7351 Data

JSON