Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-1300:Improper Protection of Physical Side Channels
Weakness ID:1300
Version:v4.17
Weakness Name:Improper Protection of Physical Side Channels
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Stable
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
11Vulnerabilities found
CVE-2026-8562
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.12%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 19:52
Updated-15 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-1300
Improper Protection of Physical Side Channels
CVE-2026-6923
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-3.8||LOW
EPSS-0.01% / 2.87%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 16:14
Updated-14 May, 2026 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nuvoton - CWE-1300: Improper Protection of Physical Side Channels

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key.

Action-Not Available
Vendor-Nuvoton
Product-NPCT7xx
CWE ID-CWE-1300
Improper Protection of Physical Side Channels
CVE-2026-8017
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-3.1||LOW
EPSS-0.03% / 9.21%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:13
Updated-06 May, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-1300
Improper Protection of Physical Side Channels
CVE-2026-5876
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.57%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 21:20
Updated-13 Apr, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-1300
Improper Protection of Physical Side Channels
CVE-2026-3929
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-3.1||LOW
EPSS-0.03% / 10.20%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 22:04
Updated-13 Mar, 2026 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-1300
Improper Protection of Physical Side Channels
CVE-2026-0115
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-2.1||LOW
EPSS-0.01% / 0.88%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 20:46
Updated-11 Mar, 2026 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-1300
Improper Protection of Physical Side Channels
CVE-2025-13992
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.02% / 6.67%
||
7 Day CHG~0.00%
Published-03 Dec, 2025 | 19:09
Updated-05 Dec, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationLinux Kernel Organization, IncGoogle LLC
Product-macoslinux_kernelwindowschromeChrome
CWE ID-CWE-1300
Improper Protection of Physical Side Channels
CVE-2025-11210
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 6.21%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 22:08
Updated-13 Nov, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Linux Kernel Organization, IncApple Inc.Google LLCMicrosoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-1300
Improper Protection of Physical Side Channels
CVE-2025-11207
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.05%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 22:08
Updated-13 Nov, 2025 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Linux Kernel Organization, IncApple Inc.Google LLCMicrosoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1300
Improper Protection of Physical Side Channels
CVE-2025-10890
Assigner-Chrome
ShareView Details
Assigner-Chrome
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 17.90%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 16:17
Updated-25 Sep, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-chromelinux_kernelmacoswindowsChrome
CWE ID-CWE-1300
Improper Protection of Physical Side Channels
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-6258
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-0.10% / 27.51%
||
7 Day CHG~0.00%
Published-30 Jan, 2024 | 16:55
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths

A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption.

Action-Not Available
Vendor-latchsetn/aFedora Project
Product-pkcs11-providerFedorapkcs11-provider
CWE ID-CWE-1300
Improper Protection of Physical Side Channels
CWE ID-CWE-203
Observable Discrepancy