By weakness (CWE)
CWE-1300: related vulnerabilities
CVEs classified under CWE-1300. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-11284MEDIUM 6.5
Google Chrome versions prior to 149.0.7827.53 contain a side-channel vulnerability in the Performance APIs that allows an attacker to extract sensitive data across website boundaries. An attacker can craft a malicious webpage that, when visited by a user, leaks information from other websites the user is viewing or has visited. This works because certain performance measurement features can infer timing details that reveal cross-origin data, even though browsers are designed to isolate websites from each other.
- CVE-2026-11289MEDIUM 6.5
A side-channel vulnerability in Google Chrome's Paint component allows attackers to leak sensitive cross-origin data through a specially crafted web page. An attacker would need to trick a user into visiting a malicious website, but once there, the vulnerability could expose information from other websites the user has open—a serious privacy breach. The issue affects Chrome versions before 149.0.7827.53 across Windows, macOS, and Linux.