Primary

Context

Google Chrome Same-Origin Policy Bypass Vulnerability in Service Worker

Vulnerability

Patched

A vulnerability in Google Chrome's Service Worker component, affecting versions prior to 148.0.7778.179, allowed remote attackers to bypass the same-origin policy using a crafted HTML page. This flaw resulted from inadequate policy enforcement, creating a potential security risk by enabling cross-origin interactions that should have been restricted.

Impact

Exploitation of this vulnerability could lead to unauthorized cross-origin resource access, potentially allowing attackers to manipulate or steal data from other origins.

Remediation

Users can update to Google Chrome version 148.0.7778.179 or later to address this vulnerability.

Added: May 20, 2026, 8:35 PM

Updated: May 20, 2026, 8:35 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

1.3

exploitability

4.2

remediation

7.7

relevance

8.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

1.3

exploitability

4.2

remediation

7.7

relevance

8.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Google Chrome Same-Origin Policy Bypass Vulnerability in Service Worker

Vulnerability

Impact

Remediation

Affected Products

Google Chrome

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating