Description
Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from an integer overflow in the ANGLE component of Google Chrome for Windows, allowing a remote attacker who has already gained control of the renderer process to read sensitive data from process memory through a specially crafted HTML page. The flaw permits disclosure of potentially confidential information, posing a medium severity risk to affected users.

Affected Systems

Google Chrome running on Windows systems with versions earlier than 149.0.7827.53 is susceptible. The impact is confined to the compromised renderer process, a compromise that would typically occur when a user visits a malicious web page or runs a malicious extension.

Risk and Exploitability

Exploitation requires the attacker to already control the renderer process, which implies a prior compromise or successful exploitation of another vulnerability. EPSS data is unavailable and the issue is not listed in CISA KEV, which suggests exploitation is not widespread. Chromium rates the issue as Medium severity; no CVSS score is listed. Given the need for an attacker foothold in the renderer process, the likelihood of exploitation remains moderate. The integer overflow permits an attacker to read process memory, resulting in potential leakage of sensitive information.

Generated by OpenCVE AI on June 5, 2026 at 01:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Google Chrome update to at least version 149.0.7827.53 to patch the ANGLE integer overflow flaw.
  • Configure Chrome to run renderer processes with the least privileges possible and consider disabling hardware acceleration for untrusted content to mitigate potential memory disclosure.
  • If an immediate update is not feasible, restrict or remove access to untrusted web content and monitor for anomalous renderer behavior, noting that this is a temporary workaround rather than a complete fix.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 02:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Fri, 05 Jun 2026 02:00:00 +0000

Type | Values Removed | Values Added
Title | | Integer Overflow in ANGLE Enabling Remote Memory Disclosure via Crafted HTML in Google Chrome on Windows
Weaknesses | | CWE-190

Thu, 04 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:14.389Z

Reserved: 2026-06-04T17:06:25.775Z

Link: CVE-2026-10999

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T23:17:03.617

Modified: 2026-06-04T23:17:03.617

Link: CVE-2026-10999

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T02:15:29Z

Weaknesses