Description
Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds read in WebRTC on Google Chrome versions prior to 149.0.7827.53. A malicious web page can trigger the bug and allow a remote attacker to read arbitrary data from the browser’s process memory. The consequence is potentially sensitive information disclosure, identified as CWE-125.

Affected Systems

The affected product is Google Chrome built on the Chromium engine. Any desktop installation of Chrome before version 149.0.7827.53 is vulnerable, unless the user has already applied the update released in the June 2026 stable channel.

Risk and Exploitability

Public exploitation is not recorded in the KEV catalog and no EPSS score is available, so the likelihood cannot be quantified. The advisory rates the severity as Medium, and the attack vector is remote through a crafted HTML page that induces an out‑of‑bounds read. Until the patch is applied, an attacker who can host a malicious page accessed by the victim can leak process memory contents.

Generated by OpenCVE AI on June 5, 2026 at 02:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Configure Chrome to enforce automatic updates and verify the applied version.
  • If immediate update is not possible, temporarily disable WebRTC features via Chrome flags or by removing the WebRTC extensions from the browser profile.

Generated by OpenCVE AI on June 5, 2026 at 02:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read in WebRTC Exposes Process Memory

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-125
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:54.827Z

Reserved: 2026-06-04T17:06:49.217Z

Link: CVE-2026-11096

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:14.887

Modified: 2026-06-04T23:17:14.887

Link: CVE-2026-11096

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T03:15:15Z

Weaknesses