Description
Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in ANGLE, Chrome’s graphics abstraction layer, allowed an out‑of‑bounds read that could expose sensitive data from process memory to a remote attacker. The bug, identified as CWE‑125, permits the attacker to embed a crafted HTML page in a website that, when loaded by a user with a vulnerable Chrome installation, triggers the memory leak and reveals confidential information.

Affected Systems

The vulnerability impacts Google Chrome versions earlier than 149.0.7827.53. All users running the stable channel on any operating system who have not updated beyond this version are potentially affected.

Risk and Exploitability

The flaw can be exploited by a remote attacker presenting a malicious page to an unsuspecting victim; no special privileges beyond normal browsing are required. The CVSS base score of 6.5 classifies the vulnerability as Medium severity. The EPSS score of less than 1% indicates a very low likelihood of exploitation in the wild, and the vulnerability is not listed in CISA KEV. Nevertheless, the straightforward attack vector and potential to expose sensitive data in user process memory make the risk meaningful for unpatched systems.

Generated by OpenCVE AI on June 5, 2026 at 21:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 149.0.7827.53 or later.
  • Enable Chrome’s automatic update feature to ensure timely receipt of future security patches.
  • If an immediate upgrade is not feasible, restrict the use of Chrome or switch to an alternative browser until the update is applied.

Generated by OpenCVE AI on June 5, 2026 at 21:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6325-1 chromium security update
History

Sun, 07 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: Out of bounds read in ANGLE
References
Metrics threat_severity

None

 threat_severity

Important

Fri, 05 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read in ANGLE Exposes Sensitive Information in Google Chrome

Fri, 05 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Fri, 05 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read in ANGLE Exposes Sensitive Information in Google Chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-125
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T19:59:47.048Z

Reserved: 2026-06-04T17:06:21.031Z

Link: CVE-2026-10979

cve-icon Vulnrichment

Updated: 2026-06-05T19:59:40.369Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-04T23:17:01.167

Modified: 2026-06-05T20:36:34.310

Link: CVE-2026-10979

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-02T00:00:00Z

Links: CVE-2026-10979 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T22:00:07Z

Weaknesses