Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150
Published Jul 14, 2026
Modified 3 days ago
Fix available
Details
Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
Affected Packages
Google Chrome
Windows 10 (1507)Windows 10 (1607) / Server 2016Windows 10 (1703)Windows 10 (1709)Windows 10 (1803)