Description
Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Uninitialized use within the ANGLE graphics subsystem of Google Chrome allows a crafted HTML page to trigger the flaw and let a remote attacker read potentially sensitive data from the browser’s process memory. The weakness is identified as a CWE‑457 and CWE‑824 situation, leading to information disclosure.

Affected Systems

Google Chrome desktop browsers prior to version 149.0.7827.53 are affected. The flaw is exposed to any user who opens a malicious web page in the browser.

Risk and Exploitability

The CVSS score of 6.5 denotes a medium risk level, while the EPSS score of less than 1% indicates a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires only that a user visit a crafted web page; no local privilege escalation or code execution is needed. The potential impact is the compromise of private data that a user may have loaded in the browser.

Generated by OpenCVE AI on June 7, 2026 at 13:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.53 or newer.
  • Enable automatic updates so Chrome receives security upgrades promptly.
  • If immediate update is not feasible, restrict access to untrusted web content or employ stricter site isolation settings.

Generated by OpenCVE AI on June 7, 2026 at 13:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6325-1 chromium security update
History

Sun, 07 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: Uninitialized Use in ANGLE
Weaknesses CWE-824
References
Metrics threat_severity

None

 threat_severity

Moderate

Sat, 06 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 06 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Uninitialized Use in ANGLE Allowing Memory Disclosure via Crafted HTML Page

Sat, 06 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Fri, 05 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
Title Uninitialized Use in ANGLE Allowing Memory Disclosure via Crafted HTML Page

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-457
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-06T16:46:07.508Z

Reserved: 2026-06-04T17:06:24.617Z

Link: CVE-2026-10994

cve-icon Vulnrichment

Updated: 2026-06-06T16:45:59.545Z

cve-icon NVD

Status : Modified

Published: 2026-06-04T23:17:02.890

Modified: 2026-06-06T17:16:41.100

Link: CVE-2026-10994

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-02T00:00:00Z

Links: CVE-2026-10994 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-07T14:00:09Z

Weaknesses
  • CWE-457

    Use of Uninitialized Variable

  • CWE-824

    Access of Uninitialized Pointer