Description
Insufficient data validation in Animation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the animation handling code of Google Chrome allows a remote attacker to read sensitive data from the browser’s process memory by serving a specially crafted HTML page. The vulnerability stems from insufficient data validation within the animation subsystem, enabling an attacker to extract information that should be encapsulated. The exposed data could compromise user privacy or aid further attacks, but does not grant arbitrary code execution. The issue is classified as a medium‑severity information disclosure.

Affected Systems

All users running Google Chrome versions prior to 149.0.7827.53 are affected. The vulnerability is present in the stable channel and any derived builds of the browser running those legacy versions. Users of older stable releases or custom Chromium builds that do not incorporate the 149.0.7827.53 patch are at risk.

Risk and Exploitability

The attack vector is remote and requires the victim to visit a malicious webpage. While the EPSS score is not available, the absence of a public KEV listing suggests no known active exploitation. The CVSS score is not provided, but the Chromium severity is Medium, indicating a moderate confidence that exploitation is feasible but not widespread. Remediation is limited to upgrading the browser; no mitigating configuration change is known.

Generated by OpenCVE AI on June 5, 2026 at 03:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Chrome version 149.0.7827.53 or later; update the browser through the official updater.
  • Enable automatic browser updates to ensure future security patches are applied without manual action.
  • Apply an enterprise policy that requires Chrome to run only the patched version or newer, preventing older vulnerable releases from executing.

Generated by OpenCVE AI on June 5, 2026 at 03:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Title Insufficient Data Validation in Chrome Animation Allows Remote Information Disclosure via Crafted HTML Page
Weaknesses CWE-200

Fri, 05 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient data validation in Animation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:11.528Z

Reserved: 2026-06-04T17:06:24.134Z

Link: CVE-2026-10992

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:02.650

Modified: 2026-06-04T23:17:02.650

Link: CVE-2026-10992

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T03:15:16Z

Weaknesses