What the vulnerability does
01Description
Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVSS base score
—
Key dates
02Disclosure timeline
May 6, 2026
CVE published
May 6, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-22771 Hitron Systems DVR LGUVR-4H Improper Input Validation Vulnerability
CVE-2024-13943 Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability
CVE-2021-20297
CVE-2020-5243 Denial of Service in uap-core when processing crafted User-Agent strings
CVE-2022-2385 AccessKeyID validation bypass
