CVE-2026-7360

EUVD-2026-26186
Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ChromeCNA
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
googlechrome
𝑥
≤ 147.0.7727.138
CNA
Debian logo
Debian Releases
Debian Product
Codename
chromium
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
jammy
not-affected
noble
not-affected
questing
not-affected
resolute
not-affected
Common Weakness Enumeration
References
https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html
https://issues.chromium.org/issues/495852034