Description
Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Uninitialized use within the ANGLE graphics subsystem of Google Chrome exposes users to a memory disclosure channel. A crafted HTML page can trigger the flaw and allow a remote attacker to read potentially sensitive data from the browser's process memory. The weakness is a classic CWE-457 scenario where uninitialized variables lead to leakage, and the Chromium team assessed the issue as medium severity.

Affected Systems

Google Chrome desktop browsers prior to version 149.0.7827.53 are affected. The vulnerability exists on all platforms that employ ANGLE, including Windows, macOS, and Linux. Any system running an unpatched instance of Chrome can be exploited by a malicious web page served to the user.

Risk and Exploitability

The EPSS score for this vulnerability is not available, and it is not listed in the CISA KEV catalog, indicating no widespread exploitation has been observed to date. No CVSS score is recorded; the Chromium security severity is Medium, reflecting a moderate risk level. Exploitation requires that a user visit a crafted web page; no local privilege escalation or code execution is required. However, the ability to read process memory can compromise private data and is therefore significant for an attacker intent on collecting user information.

Generated by OpenCVE AI on June 5, 2026 at 01:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.53 or newer.
  • Enable automatic updates so Chrome receives security upgrades promptly.
  • Introduce browser-based content restrictions (e.g., site isolation, safe browsing) to mitigate the risk if patching cannot be performed immediately.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 04:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Fri, 05 Jun 2026 02:00:00 +0000

Type | Values Removed | Values Added
Title | | Uninitialized Use in ANGLE Allowing Memory Disclosure via Crafted HTML Page

Thu, 04 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses | | CWE-457
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:12.279Z

Reserved: 2026-06-04T17:06:24.617Z

Link: CVE-2026-10994

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T23:17:02.890

Modified: 2026-06-04T23:17:02.890

Link: CVE-2026-10994

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T04:15:25Z

Weaknesses