Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: ...

DEBIAN-CVE-2026-3934
Summary

Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

What to do
  • Update debian chromium to version 146.0.7680.71-1~deb12u1.
  • Update debian chromium to version 146.0.7680.71-1~deb13u1.
Affected software
VendorProductAffected versionsFix available
debian chromium All versions
debian chromium <= 146.0.7680.71-1~deb12u1 146.0.7680.71-1~deb12u1
debian chromium <= 146.0.7680.71-1~deb13u1 146.0.7680.71-1~deb13u1
debian chromium All versions
Original title
Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: ...
Original description
Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 14 Mar 2026