{"id":"EUVD-2026-28021","enisaUuid":"e9dbc2ee-d685-3876-b593-1d77bb84da04","description":"Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)","datePublished":"May 6, 2026, 6:12:52 PM","dateUpdated":"May 8, 2026, 7:49:03 PM","baseScore":3.1,"baseScoreVersion":"3.1","baseScoreVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","references":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html\nhttps://issues.chromium.org/issues/496645205\n","aliases":"CVE-2026-7959\n","assigner":"Chrome","epss":0.03,"enisaIdProduct":[{"id":"358f44b8-c5da-3ffb-9cef-471fa16cf698","product":{"name":"Chrome"},"product_version":"148.0.7778.96 \u003c148.0.7778.96"}],"enisaIdVendor":[{"id":"21d27fc8-f511-3f76-8ba7-f902864fa753","vendor":{"name":"Google"}}],"enisaIdVulnerability":[{"id":"374b2041-e355-3714-910d-d6e20476c671","vulnerability":{"id":"GHSA-4h9g-v689-2rmq","description":"Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)","datePublished":"May 6, 2026, 9:31:40 PM","dateUpdated":"May 7, 2026, 1:05:52 AM","baseScore":0.0,"references":"https://nvd.nist.gov/vuln/detail/CVE-2026-7959\nhttps://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html\nhttps://issues.chromium.org/issues/496645205\n","enisa_id":"EUVD-2026-28021\nEUVD-2026-28022\n","aliases":"GHSA-4h9g-v689-2rmq\nCVE-2026-7959\n","epss":0.0,"dataProcessed":"May 10, 2026, 7:09:00 AM","vulnerabilityProduct":[],"vulnerabilityVendor":[]}},{"id":"cb10beaa-e8cc-3b07-9c19-4fc09e6c7e5f","vulnerability":{"id":"CVE-2026-7959","description":"Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)","datePublished":"May 6, 2026, 6:12:52 PM","dateUpdated":"May 8, 2026, 7:49:03 PM","status":"PUBLISHED","baseScore":3.1,"baseScoreVersion":"3.1","baseScoreVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","references":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html\nhttps://issues.chromium.org/issues/496645205\n","enisa_id":"EUVD-2026-28021\n","assigner":"Chrome","epss":0.03,"dataProcessed":"May 10, 2026, 7:25:24 AM","vulnerabilityProduct":[{"id":"32baa26a-fe86-39a6-9eea-0de5498a0063","product":{"name":"Chrome"},"product_version":"148.0.7778.96 \u003c148.0.7778.96"}],"vulnerabilityVendor":[{"id":"19ed09a2-3392-38c6-aa3a-0ac11aa00778","vendor":{"name":"Google"}}]}}],"enisaIdAdvisory":[{"id":"e7d517e4-f84a-3abb-b0ed-d82535e8ffd1","advisory":{"id":"WID-SEC-W-2026-1394","description":"Google Chrome/Microsoft Edge: Mehrere Schwachstellen","summary":"Ein Angreifer kann mehrere Schwachstellen in Google Chrome/Microsoft Edge ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, darunter möglicherweise Codeausführung, Umgehung von Sicherheitsmaßnahmen, Denial-of-Service sowie Datenmanipulation oder -offenlegung.","datePublished":"May 6, 2026, 10:00:00 PM","dateUpdated":"May 7, 2026, 10:00:00 PM","baseScore":0.0,"references":"https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1394.json\nhttps://wid.cert-bund.de/portal/wid/securityadvisory?name\u003dWID-SEC-2026-1394\n","aliases":"CVE-2026-7896\nCVE-2026-7897\nCVE-2026-7898\nCVE-2026-7899\nCVE-2026-7900\nCVE-2026-7901\nCVE-2026-7902\nCVE-2026-7903\nCVE-2026-7904\nCVE-2026-7905\nCVE-2026-7906\nCVE-2026-7907\nCVE-2026-7908\nCVE-2026-7909\nCVE-2026-7910\nCVE-2026-7911\nCVE-2026-7912\nCVE-2026-7913\nCVE-2026-7914\nCVE-2026-7915\nCVE-2026-7916\nCVE-2026-7917\nCVE-2026-7918\nCVE-2026-7919\nCVE-2026-7920\nCVE-2026-7921\nCVE-2026-7922\nCVE-2026-7923\nCVE-2026-7924\nCVE-2026-7925\nCVE-2026-7926\nCVE-2026-7927\nCVE-2026-7928\nCVE-2026-7929\nCVE-2026-7930\nCVE-2026-7931\nCVE-2026-7932\nCVE-2026-7933\nCVE-2026-7934\nCVE-2026-7935\nCVE-2026-7936\nCVE-2026-7937\nCVE-2026-7938\nCVE-2026-7939\nCVE-2026-7940\nCVE-2026-7941\nCVE-2026-7942\nCVE-2026-7943\nCVE-2026-7944\nCVE-2026-7945\nCVE-2026-7946\nCVE-2026-7947\nCVE-2026-7948\nCVE-2026-7949\nCVE-2026-7950\nCVE-2026-7951\nCVE-2026-7952\nCVE-2026-7953\nCVE-2026-7954\nCVE-2026-7955\nCVE-2026-7956\nCVE-2026-7957\nCVE-2026-7958\nCVE-2026-7959\nCVE-2026-7960\nCVE-2026-7961\nCVE-2026-7962\nCVE-2026-7963\nCVE-2026-7964\nCVE-2026-7965\nCVE-2026-7966\nCVE-2026-7967\nCVE-2026-7968\nCVE-2026-7969\nCVE-2026-7970\nCVE-2026-7971\nCVE-2026-7972\nCVE-2026-7973\nCVE-2026-7974\nCVE-2026-7975\nCVE-2026-7976\nCVE-2026-7977\nCVE-2026-7978\nCVE-2026-7979\nCVE-2026-7980\nCVE-2026-7981\nCVE-2026-7982\nCVE-2026-7983\nCVE-2026-7984\nCVE-2026-7985\nCVE-2026-7986\nCVE-2026-7987\nCVE-2026-7988\nCVE-2026-7989\nCVE-2026-7990\nCVE-2026-7991\nCVE-2026-7992\nCVE-2026-7993\nCVE-2026-7994\nCVE-2026-7995\nCVE-2026-7996\nCVE-2026-7997\nCVE-2026-7998\nCVE-2026-7999\nCVE-2026-8000\nCVE-2026-8001\nCVE-2026-8002\nCVE-2026-8003\nCVE-2026-8004\nCVE-2026-8005\nCVE-2026-8006\nCVE-2026-8007\nCVE-2026-8008\nCVE-2026-8009\nCVE-2026-8010\nCVE-2026-8011\nCVE-2026-8012\nCVE-2026-8013\nCVE-2026-8014\nCVE-2026-8015\nCVE-2026-8016\nCVE-2026-8017\nCVE-2026-8018\nCVE-2026-8019\nCVE-2026-8020\nCVE-2026-8021\nCVE-2026-8022\n","source":{"id":8,"name":"csaf_certbund"},"advisoryProduct":[{"id":"2ca34c1e-aa17-3144-8330-3d3aefd200bd","product":{"name":"Chrome"}},{"id":"49aa393a-179f-3641-a062-4db171f30887","product":{"name":"148.0.3967.54"}},{"id":"4da97e0c-1fd4-3bb9-9e5c-17da9d06b7b2","product":{"name":"148.0.7778.96"}},{"id":"930fdd8d-0e03-32b0-b194-bc095e639c2e","product":{"name":"148.0.7778.97"}},{"id":"d6557d63-c65c-357b-9c4c-120e5d1248e3","product":{"name":"Edge"}}]}}]}