CVE-2026-15768 PUBLISHED

Assigner: Chrome
Reserved: 14.07.2026 Published: 14.07.2026 Updated: 15.07.2026

Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Product Status

Vendor Google
Product Chrome
Versions
  • affected from 150.0.7871.125 to 150.0.7871.125 (excl.)

References

Problem Types

  • Insufficient policy enforcement