ChromeDriver SOP Bypass via Crafted HTML (Prior to 146.0.7680.71)
CVE-2026-3934 Published on March 11, 2026

Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

NVD

Products Associated with CVE-2026-3934

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

Google Chrome

Affected Versions

Google Chrome:

Version 146.0.7680.71 and below 146.0.7680.71 is affected.

ChromeDriver SOP Bypass via Crafted HTML (Prior to 146.0.7680.71)CVE-2026-3934 Published on March 11, 2026

Products Associated with CVE-2026-3934

Affected Versions

ChromeDriver SOP Bypass via Crafted HTML (Prior to 146.0.7680.71)
CVE-2026-3934 Published on March 11, 2026