Insufficient Policy Enforcement in Google Chrome for Android
CVE-2026-8566

Currently unrated

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 14 May 2026

What is CVE-2026-8566?

A vulnerability in Google Chrome for Android versions prior to 148.0.7778.168 enables remote attackers to bypass discretionary access control mechanisms. By crafting a specific HTML page, an attacker can exploit the insufficient policy enforcement, potentially leading to unauthorized access and manipulation of sensitive data. This flaw underscores the importance of keeping web browsers updated to mitigate risks associated with such vulnerabilities.

Affected Version(s)

Chrome 148.0.7778.168

References

https://chromereleases.googleblog.com/2026/05/stable-chan...

https://issues.chromium.org/issues/470646792

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
May 14, 2026

CVE-2026-8566 Data

JSON