Description
Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Uninitialized use of GPU memory in Chrome for Android versions before 148.0.7778.216 enables a remote attacker to read sensitive data from the browser’s process memory. The vulnerability occurs when the GPU driver accesses memory that has not been initialized, and the data is made available through a crafted HTML page executed in the browser context. Consequently, attackers can potentially exfiltrate confidential information such as credentials or personal data, resulting in a privacy breach.

Affected Systems

Affected systems are Google Chrome browsers running on Android devices with versions older than 148.0.7778.216. No other platforms or operating systems are listed in the vendor’s advisory, and the flaw is specific to the GPU component of Chrome on Android.

Risk and Exploitability

The exploitability assessment shows that the EPSS score is not available and the vulnerability, with a CVSS score of 6.5, is not listed in the CISA KEV catalog, but the Chromium severity rating is high. Attackers can trigger the flaw by delivering a malicious HTML page to the victim’s device, enabling the unauthorized memory read. The risk remains significant for any user who accesses untrusted web content without the latest Chrome update.

Generated by OpenCVE AI on May 29, 2026 at 13:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome on Android to version 148.0.7778.216 or later, ensuring the GPU memory uninitialization bug is fixed.
  • Enable automatic updates for Chrome to receive future security patches without manual intervention.
  • While awaiting the patch, avoid visiting untrusted or unknown websites and consider disabling hardware acceleration in Chrome’s settings to reduce GPU reliance.

Generated by OpenCVE AI on May 29, 2026 at 13:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title GPU Uninitialized Use Enables Remote Leakage of Process Memory in Chrome Android chromium-browser: Uninitialized Use in GPU
Weaknesses CWE-824
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

threat_severity

Important

Thu, 28 May 2026 23:45:00 +0000

Type Values Removed Values Added
Title GPU Uninitialized Use Enables Remote Leakage of Process Memory in Chrome Android
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-457
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T16:45:07.882Z

Reserved: 2026-05-28T17:25:13.127Z

Link: CVE-2026-10008

cve-icon Vulnrichment

Updated: 2026-05-29T16:45:03.888Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-28T23:16:42.637

Modified: 2026-05-29T18:16:29.750

Link: CVE-2026-10008

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-10008 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T14:00:20Z

Weaknesses