MEDIUM 5.0

CVE-2026-9903: Google Chrome Site Isolation Bypass via MHTML Input Validation

Google Chrome versions prior to 148.0.7778.216 contain a vulnerability in Site Isolation, a security feature designed to prevent malicious websites from accessing data from other sites you visit. An attacker who has already compromised Chrome's renderer process—the part that interprets web content—can craft a specially designed MHTML file (a web archive format) that bypasses this protection. This requires the attacker to have gained initial access to the renderer process and the user to open the malicious file, but if successful, it could allow unauthorized access to sensitive information across site boundaries.

Source data · NVD / CISA · public domain

CVSS
3.1 · 5.0 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Weaknesses (CWE)
CWE-20
Affected products
1 configuration(s)
Published / Modified
2026-05-28 / 2026-06-17

NVD description (verbatim)

Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted MHTML page. (Chromium security severity: High)

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-9903 stems from insufficient input validation in Google Chrome's Site Isolation mechanism, a sandboxing architecture that isolates renderer processes by site origin. The vulnerability allows an attacker with prior renderer process compromise to circumvent site isolation boundaries through a crafted MHTML page. MHTML pages combine HTML and resources into a single file, and improper validation of untrusted input during MHTML processing permits the bypass. The attack vector requires network accessibility and user interaction (opening the file), coupled with the pre-condition of renderer compromise. This is classified as CWE-20 (Improper Input Validation).

Business impact

While the CVSS score of 5 reflects medium severity, the business risk depends on your environment. Site Isolation breach could expose sensitive data—financial information, authentication credentials, or proprietary content—if an attacker chains this with other compromise vectors. Organizations relying on Chrome in security-sensitive roles should prioritize patching. The requirement for renderer process compromise as a prerequisite somewhat limits opportunistic exploitation, but targeted attackers may combine this with other Chrome vulnerabilities to achieve full compromise chains.

Affected systems

Google Chrome releases prior to version 148.0.7778.216 are affected across all platforms (Windows, macOS, Linux). This includes stable, extended stable, and beta channels if they have not reached the patched version. Organizations using Chrome as an official browser, especially in Chromebook deployments or browser-as-a-service environments, should audit deployment versions immediately.

Exploitability

Exploitation requires two conditions: (1) the attacker must already control the Chrome renderer process through a separate vulnerability or attack, and (2) the user must be socially engineered or tricked into opening a malicious MHTML file. This two-stage requirement reduces casual exploitability, and the vulnerability is not tracked in CISA's Known Exploited Vulnerabilities (KEV) catalog. However, in advanced persistent threat (APT) scenarios or multi-stage attacks, an attacker who has achieved renderer compromise may use this bypass to laterally access data across site boundaries without requiring additional user interaction beyond having the file open.

Remediation

Update Google Chrome to version 148.0.7778.216 or later. Chrome's auto-update mechanism should deploy the patch automatically, but administrators managing Chrome in enterprise environments should verify deployment across all endpoints. Verify the version by navigating to chrome://settings/help, which will display the installed version and prompt updates if available. Users should not defer security updates for Chrome, as the browser's auto-update is designed to be seamless.

Patch guidance

Patch version 148.0.7778.216 addresses the insufficient validation issue and restores proper site isolation boundary enforcement. For enterprise deployments, configure Chrome update policies to enforce the minimum version using Google Admin Console or equivalent mobile device management tools. For consumer users, update through the browser's settings menu or restart the browser to trigger auto-update completion. Verify patch deployment by checking chrome://version or chrome://settings/help to confirm the version is 148.0.7778.216 or higher.

Detection guidance

Monitor for anomalous MHTML file opens or processing, particularly in controlled environments where such files are not expected. Examine browser process isolation logs and renderer process terminations that may indicate sandbox escape attempts. Security teams should audit logs for users opening MHTML attachments from untrusted sources. Advanced detection may involve analyzing memory dumps or debugger output if renderer compromise is suspected. Note that successful exploitation may leave minimal traces if the attacker's objective is silent data exfiltration rather than system compromise. Endpoint detection and response (EDR) tools should flag unusual cross-origin data access patterns in Chrome if visibility is available.

Why prioritize this

Although the CVSS score is 5 (medium severity), prioritization should account for the high chromium severity rating, the architectural importance of site isolation as a defense-in-depth control, and the potential for data exfiltration in multi-stage attacks. Organizations with users handling sensitive information in Chrome should treat this as higher priority than the numeric score suggests. However, the requirement for prior renderer compromise means this is not a critical internet-facing vulnerability and can be scheduled within standard patch cycles if no active exploitation evidence exists.

Risk score, explained

The CVSS 3.1 score of 5 (medium) reflects: network-based attack vector (AV:N), high attack complexity due to renderer compromise prerequisite (AC:H), no privilege requirement (PR:N), required user interaction to open MHTML file (UI:R), unchanged scope (S:U), and limited confidentiality, integrity, and availability impact (C:L/I:L/A:L). The score appropriately captures the two-stage exploitation requirement. However, the chromium security severity marked as 'High' indicates Google's assessment that the site isolation bypass itself is a significant breach of a core security boundary, warranting timely patching even if the numerical score is moderate. Organizations should weight both metrics in decision-making.

Frequently asked questions

Why does the CVSS score seem low if this affects Site Isolation?

Site Isolation is a defensive boundary, and bypassing it is architecturally serious. However, CVSS accounts for the practical exploitation requirements: the attacker must already have renderer process compromise, and the user must open a specific file. These prerequisites reduce the score. Google's chromium security severity of 'High' reflects the significance of the boundary bypass itself, so organizations should consider both the numeric score and the qualitative severity assessment.

What is MHTML and why is it a problem here?

MHTML (MIME HTML) is a web archive format that bundles HTML, images, and other resources into a single file. Users often encounter MHTML files as saved web pages. The vulnerability exists because Chrome does not properly validate untrusted input when processing MHTML files if the renderer is already compromised, allowing the attacker to craft content that confuses site boundaries.

Do I need to take immediate action if I have not seen active attacks?

Yes, you should update Chrome to 148.0.7778.216 or later as part of your regular patch cycle. While the vulnerability is not currently listed in CISA's KEV catalog (indicating no known active exploitation at publication), site isolation is foundational to Chrome's security model. Delaying patches increases the window in which a motivated attacker could exploit this in combination with other Chrome vulnerabilities.

Is this vulnerability exploitable if the user just visits a malicious website?

No. The attacker must either trick the user into opening a downloaded MHTML file or, in more advanced scenarios, combine this with another vulnerability to achieve initial renderer compromise. Simply visiting a website is not sufficient to trigger this vulnerability.

This analysis is provided for informational purposes and reflects the state of vulnerability intelligence as of the publication date. CVSS scores and severity ratings are based on NIST/vendor assessments and may be subject to revision. Organizations should verify patch availability and compatibility in their environments before deployment. No exploit code or weaponized proof-of-concept details are provided. Readers should consult official vendor advisories and their internal risk management policies when making patch prioritization decisions. This document does not constitute legal or compliance advice. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).