cbcvebase.
CVE-2026-9989
published 2026-05-28

CVE-2026-9989: Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file…

medium6.3CVSS 3.1
AVNACLPRNUIRSUCLILAL
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)

Affected

4 ranges
VendorProductVersion rangeFixed in
googlechrome< 148.0.7778.216148.0.7778.216
googlechrome< 148.0.7778.215148.0.7778.215
googlechrome>= 148.0.7778.216 < 148.0.7778.216148.0.7778.216
googlechrome_desktop