CWE-1300 14 CVEs MITRE definition ↗

CWE-1300: Improper Protection of Physical Side Channels

Overview

CWE-1300 (Improper Protection of Physical Side Channels) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined
operating_system Not OS-Specific Undetermined
architecture Not Architecture-Specific Undetermined
technology Not Technology-Specific Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2026-11289 2026-06-05 Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-11284 2026-06-05 Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Lo…
CVE-2026-11153 2026-06-04 Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8562 2026-05-14 Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium…
CVE-2026-6923 2026-05-14 A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key.
CVE-2026-8017 2026-05-06 Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-5876 2026-04-08 Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)…
CVE-2026-3929 2026-03-11 Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Med…
CVE-2026-0115 2026-03-10 In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges ne…
CVE-2025-13992 2025-12-03 Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severi…
CVE-2025-11210 2025-11-06 Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HT…
CVE-2025-11207 2025-11-06 Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medi…
CVE-2025-10890 2025-09-24 Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6258 2024-01-30 A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in…

Previous names

  • Improper Protection Against Physical Side Channels (2021-10-28)

Content submission

Name
Nicole Fern
Organization
Cycuity (originally submitted as Tortuga Logic)
Date
2020-05-29
Version
4.2

Content modifications

Date Name Version Importance Comment
2021-03-15 CWE Content Team 4.4 updated Functional_Areas, Maintenance_Notes
2021-07-20 CWE Content Team 4.5 updated Related_Attack_Patterns
2021-10-28 CWE Content Team 4.6 updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, References, Relationships, Weakness_Ordinalities
2022-06-28 CWE Content Team 4.8 updated Relationships
2022-10-13 CWE Content Team 4.9 updated References, Relationships
2023-01-31 CWE Content Team 4.10 updated Related_Attack_Patterns
2023-04-27 CWE Content Team 4.11 updated References, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Demonstrative_Examples, Observed_Examples, References
2025-04-03 CWE Content Team 4.17 updated Demonstrative_Examples
2025-09-09 CWE Content Team 4.18 updated References, Relationships

Contributions

Type Name Date Comment
Content Anders Nordstrom, Alric Althoff 2021-10-11 Provided detection methods, observed examples, and references
Content Nicole Fern 2021-10-13 Provided detection methods, observed examples, and references
Content Chen Chen, Rahul Kande, Jeyavijayan Rajendran 2023-06-21 suggested demonstrative example
Content Shaza Zeitouni, Mohamadreza Rostami, Ahmad-Reza Sadeghi 2023-06-21 suggested demonstrative example
cvelogic Threat Intelligence