Insufficient Policy Enforcement in Google Chrome on Windows
CVE-2026-8547

7.5HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 14 May 2026

What is CVE-2026-8547?

A weakness in Google Chrome's handling of password policies on Windows allows an attacker with control over the renderer process to escalate privileges. This vulnerability can be exploited through a specially crafted HTML page, enabling unauthorized access to sensitive data or system functionalities. Addressing this vulnerability requires updating to versions following 148.0.7778.168 to ensure robust security against exploitation attempts.

Affected Version(s)

Chrome 148.0.7778.168

References

https://chromereleases.googleblog.com/2026/05/stable-chan...

https://issues.chromium.org/issues/497632199

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
May 14, 2026

CVE-2026-8547 Data

JSON