CVE-2026-11153
CVE-2026-11153
In short
A weakness in Google Chrome's form handling allows attackers to steal private data from other websites through a specially crafted webpage. This happens because Chrome didn't properly isolate form information between different websites.
Technical detail
Side-channel vulnerability in Chrome's form processing (CWE-1300) enables cross-origin data exfiltration via crafted HTML. An unauthenticated remote attacker can exploit timing or behavioral side-channels in form rendering to infer sensitive information from cross-origin contexts. Affected versions prior to 149.0.7827.53; requires user interaction with malicious page.
Summary generated and translated by AI from the official description.
Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
Google · ChromeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →