Medium severity4.3NVD Advisory· Published May 6, 2026· Updated May 7, 2026

CVE-2026-8005

Description

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. (Chromium security severity: Low)

Affected products

Google/Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Range: <148.0.7778.96
Chromium/Chromiuminferred
Range: <148.0.7778.96

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.htmlnvdVendor AdvisoryRelease Notes
issues.chromium.org/issues/496298665nvdPermissions Required

News mentions

Patch Tuesday - May 2026
Rapid7 Blog · May 13, 2026

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000