Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
Metrics
Affected Vendors & Products
References
History
Sun, 07 Jun 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Same‑Origin Policy Bypass via Password Handling in Google Chrome | chromium-browser: Inappropriate implementation in Passwords |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Fri, 05 Jun 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Same‑Origin Policy Bypass via Password Handling in Google Chrome |
Fri, 05 Jun 2026 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Insecure Password Handling Enables Same-Origin Policy Bypass in Google Chrome | |
| Weaknesses | CWE-862 |
Fri, 05 Jun 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-346 | |
| CPEs | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
| Metrics |
cvssV3_1
|
Fri, 05 Jun 2026 03:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Google
Google chrome |
|
| Vendors & Products |
Google
Google chrome |
Fri, 05 Jun 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Insecure Password Handling Enables Same-Origin Policy Bypass in Google Chrome | |
| Weaknesses | CWE-862 |
Thu, 04 Jun 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | |
| References |
|
Status: PUBLISHED
Assigner: Chrome
Published: 2026-06-04T23:03:46.543Z
Updated: 2026-06-05T19:30:56.440Z
Reserved: 2026-06-04T17:06:10.525Z
Link: CVE-2026-10937
Updated: 2026-06-05T19:30:05.476Z
Status : Analyzed
Published: 2026-06-04T23:16:56.230
Modified: 2026-06-05T20:23:46.250
Link: CVE-2026-10937