Google Chrome 150.0.7871.115 - Forms UXSS via arbitrary script injection
CVE-2026-15128 Published on July 8, 2026
Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
Products Associated with CVE-2026-15128
Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.
Affected Versions
Google Chrome:- Version 150.0.7871.115 and below 150.0.7871.115 is affected.