Chrome Media SideChannel Leak (<148.0.7778.96) Allows CORS Data Exfiltration: CVE-2026-8017 May 2026

Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Vulnerability Analysis

CVE-2026-8017 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Improper Protection Against Physical Side Channels

The product is missing protections or implements insufficient protections against information leakage through physical channels such as power consumption, electromagnetic emissions (EME), acoustic emissions, or other physical attributes.

Products Associated with CVE-2026-8017

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

Chrome Media SideChannel Leak (<148.0.7778.96) Allows CORS Data Exfiltration
CVE-2026-8017 Published on May 6, 2026

Vulnerability Analysis

Weakness Type

Improper Protection Against Physical Side Channels

Products Associated with CVE-2026-8017

Affected Versions

Chrome Media SideChannel Leak (<148.0.7778.96) Allows CORS Data ExfiltrationCVE-2026-8017 Published on May 6, 2026

Vulnerability Analysis

Weakness Type

Improper Protection Against Physical Side Channels

Products Associated with CVE-2026-8017

Affected Versions

Chrome Media SideChannel Leak (<148.0.7778.96) Allows CORS Data Exfiltration
CVE-2026-8017 Published on May 6, 2026