CVE-2026-7360

· NIST NVD ↗

Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

LOW
CVSS severity
3.1
CVSS base score
2026-04-28
Published

CWE codes

CWE-20

Affected products

google:chromeapple:macoslinux:linux_kernelmicrosoft:windows

Sources