Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jul 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Local Same-Origin Policy Bypass via WebAppInstalls Input Validation Failure in Android Chrome |
Thu, 09 Jul 2026 11:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Thu, 09 Jul 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Local Same-Origin Policy Bypass via WebAppInstalls Input Validation Failure in Android Chrome |
Thu, 09 Jul 2026 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Google
Google chrome |
|
| Vendors & Products |
Google
Google chrome |
Wed, 08 Jul 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | |
| Weaknesses | CWE-20 | |
| References |
|
Status: PUBLISHED
Assigner: Chrome
Published: 2026-07-08T22:36:01.233Z
Updated: 2026-07-09T10:32:24.506Z
Reserved: 2026-07-08T17:07:40.716Z
Link: CVE-2026-15115
Updated: 2026-07-09T10:32:21.039Z
No data.
No data.