CVE-2026-11284
CVE-2026-11284
In short
Google Chrome had a flaw that could allow attackers to leak data from other websites through specially crafted web pages, by observing performance timing information that was not properly protected.
Technical detail
A side-channel vulnerability in Chrome's PerformanceAPIs prior to v149.0.7827.53 enables cross-origin data exfiltration via timing side-channels. An attacker can craft a malicious HTML page that, when visited by a user, measures subtle performance differences to infer sensitive information from other origins. Mitigation requires browser update to v149.0.7827.53 or later.
Summary generated and translated by AI from the official description.
Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products
Google · ChromeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →