CVE-2026-5283
Received
Received - Intake
Cross-Origin Data Leak in Chrome ANGLE Component (High
Publication date: 2026-04-01
Last updated on: 2026-04-01
Assigner: Chrome
Description
Description
Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 146.0.7680.177 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an inappropriate implementation in ANGLE within Google Chrome versions prior to 146.0.7680.178. It allows a remote attacker to leak cross-origin data by using a specially crafted HTML page.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of data from different origins, meaning an attacker could access sensitive information from other websites or web applications that you visit, potentially compromising your privacy and security.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70