Description
Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an uninitialized use in Dawn, Chrome's WebGPU implementation. A crafted HTML page can cause the browser to read memory that was never initialized, allowing a remote attacker to retrieve potentially sensitive information from process memory. The weakness is classified as CWE-457 (Use of Uninitialized Variable). The impact is on confidentiality, since the leaked memory may contain data such as credentials or tokens.

Affected Systems

Google Chrome browsers running any release prior to version 149.0.7827.53 are affected. The patch that resolves the issue is included in Chrome 149.0.7827.53 and all later stable channel releases.

Risk and Exploitability

The CVE is assessed as high severity. An EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The attack vector is a crafted web page opened in the victim's browser: an attacker who can get a user to view the page, for example through a malicious or compromised website, could read potentially sensitive information from process memory. No special privileges are required on the victim system, so exploitation is broadly feasible for an attacker who can deliver the page.

Generated by OpenCVE AI on June 5, 2026 at 01:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.53 or newer, which contains the fix for the uninitialized memory read.
  • Enable Chrome’s Safe Browsing with ‘Enhanced protection’ to detect and block known malicious sites that may deliver the exploit.
  • If an update cannot be applied immediately—such as in a locked-down enterprise environment—disable or remove extensions that load arbitrary web content, and consider transitioning users to a patched version or an alternative browser until the fix is available.

Generated by OpenCVE AI on June 5, 2026 at 01:43 UTC.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 04:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Fri, 05 Jun 2026 02:00:00 +0000

Type | Values Removed | Values Added
Title | | Uninitialized Memory Read in Chrome’s Dawn Engine Enables Information Disclosure

Thu, 04 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Weaknesses | | CWE-457
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:04.656Z

Reserved: 2026-06-04T17:06:20.297Z

Link: CVE-2026-10976

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T23:17:00.843

Modified: 2026-06-04T23:17:00.843

Link: CVE-2026-10976

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T04:15:25Z

Weaknesses