CWE-1300
Improper Protection of Physical Side Channels
BaseStable
Description
The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-189 · CAPEC-699
CVEs mapped to this weakness (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5876 | Med | 0.42 | 6.5 | 0.00 | Apr 8, 2026 | Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |
| CVE-2026-8562 | Med | 0.28 | 4.3 | 0.00 | May 14, 2026 | Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |
| CVE-2026-6923 | Low | 0.25 | 3.8 | 0.00 | May 14, 2026 | A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key. | |
| CVE-2026-8017 | Low | 0.20 | 3.1 | 0.00 | May 6, 2026 | Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) |