CVE-2026-1504Google Chrome vulnerability

9 documents9 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 86.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeChromium
Timeline
PublishedJan 27
Latest updateMar 20

Description

Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/chrome144.0.7559.110144.0.7559.110
NVDgoogle/chrome< 144.0.7559.110
Debianchromium/chromium< 144.0.7559.109-1~deb12u1+2

🔴Vulnerability Details

3
GHSA
GHSA-m6qv-96fg-92g8: Inappropriate implementation in Background Fetch API in Google Chrome prior to 1442026-01-27
CVEList
CVE-2026-1504: Inappropriate implementation in Background Fetch API in Google Chrome prior to 1442026-01-27
OSV
CVE-2026-1504: Inappropriate implementation in Background Fetch API in Google Chrome prior to 1442026-01-27

📋Vendor Advisories

4
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2026-15042026-03-20
Red Hat
chromium-browser: Inappropriate implementation in Background Fetch API2026-01-27
Microsoft
Chromium: CVE-2026-1504 Inappropriate implementation in Background Fetch API2026-01-13
Debian
CVE-2026-1504: chromium - Inappropriate implementation in Background Fetch API in Google Chrome prior to 1...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-1504 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-1504 — Google Chrome vulnerability | cvebase