Medium severity5.3NVD Advisory· Published May 14, 2026· Updated May 14, 2026
CVE-2026-8583
CVE-2026-8583
Description
Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
12- Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes holdThe Record · May 13, 2026
- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026
- Microsoft May 2026 Patch Tuesday, (Tue, May 12th)SANS Internet Storm Center · May 12, 2026
- Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)Tenable Blog · May 12, 2026
- Cookie thieves caught stealing dev secrets via fake Claude Code installersThe Register Security · May 11, 2026
- Microsoft says Edge’s plaintext password behavior is “by design”Malwarebytes Labs · May 8, 2026
- Google Chrome’s silent 4GB AI download problem [updated]Malwarebytes Labs · May 6, 2026
- The Good, the Bad and the Ugly in Cybersecurity – Week 16SentinelOne Labs · Apr 17, 2026
- Patch Tuesday - April 2026Rapid7 Blog · Apr 14, 2026
- Patch Tuesday, April 2026 EditionKrebs on Security · Apr 14, 2026
- 6th April – Threat Intelligence ReportCheck Point Research · Apr 6, 2026
- The Good, the Bad and the Ugly in Cybersecurity – Week 14SentinelOne Labs · Apr 3, 2026