The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-1504

CVE-2026-1504: Chrome Background Fetch API Vulnerability

CVE-2026-1504 is an information disclosure flaw in Chrome's Background Fetch API that allows attackers to leak cross-origin data. This article covers technical details, affected versions, impact, and mitigation.

Published: January 30, 2026

CVE-2026-1504 Overview

CVE-2026-1504 is an inappropriate implementation vulnerability in the Background Fetch API in Google Chrome prior to version 144.0.7559.110. This cross-origin data leakage vulnerability allows a remote attacker to exfiltrate sensitive cross-origin data by convincing a victim to visit a crafted HTML page. The vulnerability exists due to improper handling of cross-origin requests within the Background Fetch API implementation, which fails to adequately enforce same-origin policy restrictions.

Critical Impact

Remote attackers can exploit this vulnerability to leak sensitive cross-origin data from affected Chrome browsers, potentially exposing confidential user information from other websites the victim has authenticated to.

Affected Products

  • Google Chrome versions prior to 144.0.7559.110
  • Chromium-based browsers using vulnerable Background Fetch API implementation
  • Desktop platforms running affected Chrome versions (Windows, macOS, Linux)

Discovery Timeline

  • 2026-01-27 - CVE-2026-1504 published to NVD
  • 2026-01-29 - Last updated in NVD database

Technical Details for CVE-2026-1504

Vulnerability Analysis

This vulnerability stems from an inappropriate implementation in the Background Fetch API, a web platform feature that enables websites to download large files in the background, even when the user navigates away from the page. The vulnerability allows cross-origin data to be leaked through improperly handled API responses.

The Background Fetch API is designed to handle long-running download operations asynchronously. However, the flawed implementation fails to properly isolate cross-origin data during fetch operations, creating a side-channel through which an attacker-controlled page can extract information from other origins.

When a victim visits a malicious HTML page, the attacker can leverage the Background Fetch API to initiate requests that improperly expose cross-origin response data. This violates the fundamental same-origin policy that browsers rely on to protect user data across different web domains.

Root Cause

The root cause of this vulnerability is an inappropriate implementation in the Background Fetch API that fails to properly enforce cross-origin isolation boundaries. The API does not correctly validate and sanitize cross-origin responses before making certain metadata or response characteristics available to the requesting origin. This implementation flaw creates an information disclosure channel that bypasses intended browser security controls.

Attack Vector

The attack requires user interaction in the form of visiting a malicious webpage. The attack flow proceeds as follows:

  1. An attacker crafts a malicious HTML page containing JavaScript that leverages the Background Fetch API
  2. The victim is lured to visit the attacker-controlled page (via phishing, malvertising, or compromised legitimate sites)
  3. The malicious page initiates Background Fetch API requests targeting cross-origin resources
  4. Due to the implementation flaw, cross-origin data leaks through the API responses
  5. The attacker's script captures and exfiltrates the leaked data to an attacker-controlled server

The vulnerability is exploitable remotely over the network and requires no special privileges beyond convincing the user to visit the malicious page. The confidentiality impact is high as sensitive cross-origin data can be fully exposed.

For detailed technical information, refer to the Chromium Issue Tracker Detail and the Chrome Desktop Update Announcement.

Detection Methods for CVE-2026-1504

Indicators of Compromise

  • Unusual Background Fetch API activity observed in browser developer tools or logs
  • Unexpected network requests to cross-origin resources initiated by suspicious web pages
  • JavaScript errors or console warnings related to Background Fetch operations from untrusted origins
  • Network traffic showing data exfiltration patterns following visits to unknown websites

Detection Strategies

  • Monitor browser telemetry for anomalous Background Fetch API usage patterns
  • Implement Content Security Policy (CSP) headers to restrict fetch operations from trusted sources
  • Deploy endpoint detection solutions that can identify exploitation attempts targeting browser APIs
  • Use network monitoring to detect suspicious outbound connections following web browsing activity

Monitoring Recommendations

  • Enable Chrome's Site Isolation feature to provide additional cross-origin protection layers
  • Review browser extension permissions that may interact with fetch operations
  • Implement web filtering to block access to known malicious domains
  • Monitor for updates to threat intelligence feeds regarding active exploitation of this vulnerability

How to Mitigate CVE-2026-1504

Immediate Actions Required

  • Update Google Chrome to version 144.0.7559.110 or later immediately
  • Ensure automatic updates are enabled for all Chrome installations across your organization
  • Notify end users about the importance of updating their browsers promptly
  • Verify Chromium-based browsers (Edge, Brave, Opera, etc.) have received corresponding patches

Patch Information

Google has released Chrome version 144.0.7559.110 which addresses this vulnerability. The security update was announced on January 27, 2026. Organizations should prioritize deployment of this update across all managed Chrome installations.

For detailed patch information, see the official Chrome Desktop Update Announcement.

Workarounds

  • Implement strict Content Security Policy headers on your web applications to limit fetch-src directives
  • Consider using browser policies to disable the Background Fetch API if not required for business operations
  • Deploy network-level filtering to block access to known malicious domains that may host exploitation pages
  • Educate users about phishing risks and the importance of not visiting untrusted websites
bash
# Chrome Enterprise Policy to force browser updates
# Windows Registry configuration
reg add "HKLM\SOFTWARE\Policies\Google\Update" /v "AutoUpdateCheckPeriodMinutes" /t REG_DWORD /d 60 /f
reg add "HKLM\SOFTWARE\Policies\Google\Update" /v "UpdateDefault" /t REG_DWORD /d 1 /f

# Verify Chrome version is patched (minimum 144.0.7559.110)
# Check via chrome://version or command line
google-chrome --version

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeInformation Disclosure
  • Vendor/TechGoogle Chrome
  • SeverityMEDIUM
  • CVSS Score6.5
  • EPSS Probability0.03%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityNone
  • Technical References
  • Chrome Desktop Update Announcement
  • Chromium Issue Tracker Detail
  • Related CVEs
  • CVE-2026-4453: Google Chrome Information Disclosure Flaw
  • CVE-2026-3938: Google Chrome Clipboard Data Leak Flaw
  • CVE-2026-3929: Google Chrome Information Disclosure Flaw
  • CVE-2026-2317: Google Chrome Information Disclosure Flaw
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English