Insufficient validation of Cast (Chrome <148.0.7778.96) bypasses SOP
CVE-2026-8005 Published on May 6, 2026

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. (Chromium security severity: Low)

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2026-8005

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

Google Chrome

Affected Versions

Google Chrome:

Version 148.0.7778.96 and below 148.0.7778.96 is affected.

Exploit Probability

EPSS

0.02%

Percentile

4.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Insufficient validation of Cast (Chrome <148.0.7778.96) bypasses SOPCVE-2026-8005 Published on May 6, 2026

Vulnerability Analysis

Weakness Type

Improper Input Validation

Products Associated with CVE-2026-8005

Affected Versions

Exploit Probability

Insufficient validation of Cast (Chrome <148.0.7778.96) bypasses SOP
CVE-2026-8005 Published on May 6, 2026