Google Chrome 150.0.7871.115 - Forms UXSS via arbitrary script injection
CVE-2026-15128 Published on July 8, 2026

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

NVD


Products Associated with CVE-2026-15128

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

 

Affected Versions

Google Chrome: