Description
Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can exploit insufficient input validation in Google Chrome's Network layer to read data from process memory. The flaw is present in all Chrome builds before version 149.0.7827.53 and is classified as an input validation flaw (CWE-20). A remote attacker who has already compromised the renderer process can craft a malicious HTML page that triggers the vulnerability and retrieves potentially sensitive information from process memory. The impact is limited to information disclosure; this limit is inferred, because the description does not mention code execution or privilege escalation.

Affected Systems

The vulnerability affects all desktop installations of Google Chrome running versions earlier than 149.0.7827.53 on Windows, macOS, and Linux.

Risk and Exploitability

Chromium rates the issue as medium severity. The flaw can only be exploited if the renderer process is already compromised, which is a non-trivial prerequisite, and no public exploit is documented. The vulnerability is not listed in CISA's KEV catalog, indicating no known widespread exploitation. Nonetheless, users of unpatched browsers remain at risk of sensitive data exposure if a renderer compromise occurs through other vectors.

Generated by OpenCVE AI on June 5, 2026 at 05:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Chrome version 149.0.7827.53 or later.
  • Enable renderer sandboxing to restrict memory access of rendering processes.
  • Limit the use of browser extensions and enforce strict content‑security policies to reduce the likelihood of renderer compromise.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 06:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Chrome Network Layer Input Validation Flaw Enables Sensitive Memory Disclosure |
| First Time appeared | | Google; Google chrome |
| Vendors & Products | | Google; Google chrome |

Thu, 04 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) |
| Weaknesses | | CWE-20 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:20.285Z

Reserved: 2026-06-04T17:06:29.195Z

Link: CVE-2026-11013

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T23:17:05.193

Modified: 2026-06-04T23:17:05.193

Link: CVE-2026-11013

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T05:45:33Z

Weaknesses