{
  "title": "Chromium Zero-Day: Browser Fetch API Security Bypass",
  "summary": "An unpatched security bypass and metadata leakage zero-day has been identified in the Chromium Browser Fetch API, allowing cross-origin attackers to bypass Same-Origin Policy (SOP); this article provides frontend exposure audits and detection scripts.",
  "date": "2026-05-26",
  "severity": "high",
  "tags": [
    "google-chrome",
    "chromium",
    "zero-day",
    "security-bypass",
    "cross-site-scripting"
  ],
  "sources_count": 2,
  "indicators": {
    "slug": "chromium-browser-fetch-leak-zero-day",
    "since": "2026-05-26T00:00:00Z",
    "until": "2026-05-26T23:59:59Z",
    "ecosystem": "",
    "cves": [],
    "cwes": [
      "CWE-346",
      "CWE-200",
      "CWE-284"
    ],
    "advisoryIds": [],
    "products": [
      "Chromium Browser Engine",
      "Google Chrome",
      "Microsoft Edge",
      "Brave",
      "Opera",
      "Vivaldi"
    ],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": [
      "fetch",
      "chrome",
      "chromium",
      "CORS",
      "Same-Origin Policy"
    ]
  }
}