Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Google Chrome before 146.0.7680.178: Malicious sites can steal browser data
CVE-2026-5276
Summary
A security issue in Google Chrome's WebUSB feature allowed a malicious website to potentially steal sensitive information from your browser. This issue has been fixed in version 146.0.7680.178 or later. If you're using an earlier version, update your browser to the latest version to protect your data.
Original title
Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page....
Original description
Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026