CVE-2026-7979
Inappropriate Implementation in Google Chrome Media Leak
Publication date: 2026-05-06
Last updated on: 2026-05-12
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 148.0.7778.96 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could gain access to data from other origins that should normally be protected, potentially leading to unauthorized disclosure of sensitive information.
Can you explain this vulnerability to me?
This vulnerability is an inappropriate implementation in the Media component of Google Chrome versions prior to 148.0.7778.96. It allows a remote attacker to leak cross-origin data by using a specially crafted HTML page.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows a remote attacker to leak cross-origin data via a crafted HTML page, which could potentially lead to unauthorized disclosure of sensitive information.
Such unauthorized data leakage may impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access or disclosure.
However, the CVE description does not provide specific details on the types of data affected or the extent of the impact on compliance.