Insufficient Policy Enforcement in Google Chrome ServiceWorker
CVE-2026-9116

4.3MEDIUM

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-9116?

A vulnerability exists in the ServiceWorker component of Google Chrome that allows a remote attacker to exploit insufficient policy enforcement. This security flaw enables the attacker to leak cross-origin data through the use of a specially crafted HTML page. Users of versions prior to 148.0.7778.179 of Google Chrome are particularly at risk as this vulnerability poses significant security concerns, allowing unauthorized access and potential data exposure.

Affected Version(s)

Chrome 148.0.7778.179

References

https://chromereleases.googleblog.com/2026/05/stable-chan...

https://issues.chromium.org/issues/497436273

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
May 20, 2026

CVE-2026-9116 Data

JSON