CVE-2026-8018
published 2026-05-06CVE-2026-8018: Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via…
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Low)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome | < 148.0.7778.96 | 148.0.7778.96 | |
| chrome | >= 148.0.7778.96 < 148.0.7778.96 | 148.0.7778.96 | |
| chrome_desktop | — | — | |
| paloalto | prisma_browser | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv5.7MEDIUM