Chrome Android <150.0.7871.115 Same-Origin Bypass via WebAppInstalls
CVE-2026-15115 Published on July 8, 2026
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
Vulnerability Analysis
CVE-2026-15115 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2026-15115
Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.
Affected Versions
Google Chrome:- Version 150.0.7871.115 and below 150.0.7871.115 is affected.