CVE-2026-8576

Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html	Vendor Advisory
https://issues.chromium.org/issues/496231853	Permissions Required

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:google:chrome_os:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

History

21 May 2026, 17:08

Type	Values Removed	Values Added
First Time		Linux linux Kernel Google Google chrome Os Linux Google chrome
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:google:chrome_os:-:::::::* cpe:2.3:a:google:chrome::::::::
References	~~() https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html -~~	() https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html - Vendor Advisory
References	~~() https://issues.chromium.org/issues/496231853 -~~	() https://issues.chromium.org/issues/496231853 - Permissions Required

15 May 2026, 15:16

Type	Values Removed	Values Added
CWE		CWE-942
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3

14 May 2026, 20:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-14 20:17

Updated : 2026-05-21 17:08

NVD link : CVE-2026-8576

Mitre link : CVE-2026-8576

CVE.ORG link : CVE-2026-8576

JSON object : View

Products Affected

google

chrome
chrome_os

linux

linux_kernel

CWE

CWE-942

Permissive Cross-domain Policy with Untrusted Domains

4.3 /10