CVE-2026-8022
Inappropriate MHTML Implementation in Google Chrome Leads to Cross-Origin Data Leak
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 148.0.7778.96 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an inappropriate implementation in the MHTML feature of Google Chrome versions prior to 148.0.7778.96. It allows a remote attacker to leak cross-origin data by convincing a user to perform specific user interface gestures on a specially crafted MHTML page.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker could potentially access data from other origins (websites) that should be isolated, leading to unauthorized data leakage. This could compromise user privacy and security by exposing sensitive information through crafted MHTML content.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Google Chrome to version 148.0.7778.96 or later, as the issue is fixed in that release.
Additionally, avoid interacting with untrusted MHTML pages or links that could trigger the vulnerability.