VYPR

CWE-1300

Improper Protection of Physical Side Channels

BaseStable

Description

The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-189 · CAPEC-699

CVEs mapped to this weakness (7)

  • CVE-2026-11153CriJun 4, 2026
    risk 0.59cvss 9.1epss 0.00

    Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11289MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11284MedJun 5, 2026
    risk 0.42cvss 6.5epss 0.00

    Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-5876MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-8562MedMay 14, 2026
    risk 0.28cvss 4.3epss 0.00

    Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-6923LowMay 14, 2026
    risk 0.25cvss 3.8epss 0.00

    A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key.

  • CVE-2026-8017LowMay 6, 2026
    risk 0.20cvss 3.1epss 0.00

    Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)