CVE-2026-8021

MEDIUM

Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

CVSS v3.1 Score

4.2

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Complexity

HIGH

Privileges

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Published: 5/6/2026Modified: 5/7/2026

Related Intelligence (1)

CRITICALAi

Patch Tuesday - May 2026

Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above. Windows Netlogon: critical RCE Anyone responsible for securing a domain con

CVE-2026-41089CVE-2020-1472

5d agoRapid7

References (2)

https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.htmlVendor AdvisoryRelease Notes https://issues.chromium.org/issues/498417031Permissions Required