Google Chrome CVE-2026-13022: Autofill XSS via leaked data (149.0.7827.197)
CVE-2026-13022 Published on June 24, 2026
Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Products Associated with CVE-2026-13022
Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.
Affected Versions
Google Chrome:- Version 149.0.7827.197 and below 149.0.7827.197 is affected.