PT-2026-42236 · Google · Google Chrome
Published
2026-05-19
·
Updated
2026-05-22
·
CVE-2026-9116
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 148.0.7778.179
Description
Insufficient policy enforcement in ServiceWorker allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. A ServiceWorker is a script that the browser runs in the background, separate from a web page, enabling features like push notifications and offline capabilities.
Recommendations
Update to version 148.0.7778.179 or later.
Fix
Protection Mechanism Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Chrome