Primary

Context

Google Chrome Same-Origin Policy Bypass Vulnerability in Cast

Vulnerability

Patched

A vulnerability in Google Chrome's Cast component, prior to version 148.0.7778.96, allowed attackers on the same local network to bypass the same-origin policy. This was achieved through the manipulation of untrusted input in network traffic. The issue stemmed from insufficient validation of this input, which could be exploited to disrupt the normal security measures that prevent different origins from interfering with each other.

Impact

Exploitation of this vulnerability could lead to unauthorized interference between different origins, bypassing the same-origin policy that is fundamental to web security.

Remediation

Users can update to Google Chrome version 148.0.7778.96 or later to address this vulnerability.

Added: May 6, 2026, 7:39 PM

Updated: May 6, 2026, 7:39 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

1.3

exploitability

4.4

remediation

7.7

relevance

7.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

1.3

exploitability

4.4

remediation

7.7

relevance

7.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Google Chrome Same-Origin Policy Bypass Vulnerability in Cast

Vulnerability

Impact

Remediation

Affected Products

Google Chrome

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating