Description
Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in ANGLE, Chrome’s graphics abstraction layer, allowed an out‑of‑bounds read that could expose sensitive data from process memory to a remote attacker. The bug, identified as CWE‑125, permits the attacker to embed a crafted HTML page in a website that, when loaded by a user with a vulnerable Chrome installation, triggers the memory leak and reveals confidential information.

Affected Systems

The vulnerability impacts Google Chrome versions earlier than 149.0.7827.53. All users running the stable channel on any operating system who have not updated beyond this version are potentially affected.

Risk and Exploitability

The flaw can be exploited by a remote attacker presenting the malicious page to an unsuspecting victim; no special privileges are required beyond normal browsing. Chromium assigns the vulnerability a High severity. EPSS data are unavailable and the issue is not listed in CISA KEV, but the attack vector is straightforward and widely accessible, so the overall risk remains high for unpatched systems.

Generated by OpenCVE AI on June 5, 2026 at 01:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 149.0.7827.53 or later.
  • Enable Chrome’s automatic update feature to ensure timely receipt of future security patches.
  • If an immediate upgrade is not feasible, restrict the use of Chrome or switch to an alternative browser until the update is applied.

Generated by OpenCVE AI on June 5, 2026 at 01:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read in ANGLE Exposes Sensitive Information in Google Chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-125
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:05.902Z

Reserved: 2026-06-04T17:06:21.031Z

Link: CVE-2026-10979

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:01.167

Modified: 2026-06-04T23:17:01.167

Link: CVE-2026-10979

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T04:15:25Z

Weaknesses