Description
Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from an uninitialized variable in ANGLE, a component of Google Chrome, which can lead to an attacker reading sensitive data from process memory when a specially crafted HTML page is loaded. The weakness, identified as CWE-457, enables information disclosure without requiring elevated privileges or malicious code execution. The exposure allows an attacker to obtain potentially private or confidential data that resides in the browser's memory.

Affected Systems

The flaw affects Google Chrome versions older than 149.0.7827.53 on desktop platforms. Users running these builds are vulnerable until Chrome is updated to a version that contains the fix.

Risk and Exploitability

Chromium rates this bug as medium severity. No EPSS score is publicly available, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is a remote attacker delivering a crafted HTML page to a victim's browser, resulting in a memory read. Because it does not require privilege escalation or additional malware, the potential impact remains moderate, but any compromised process memory could reveal user data or internal application state.

Generated by OpenCVE AI on June 5, 2026 at 04:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Chrome update (149.0.7827.53 or newer).
  • If an immediate update is unavailable, start Chrome with the flag `--disable-angle` or set the corresponding policy to force software rendering, reducing the memory exposure channel.
  • Enable site isolation to limit memory sharing between browser processes, mitigating the impact of memory reads.



Advisories

No advisories yet.

History

Fri, 05 Jun 2026 06:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Google; Google chrome |
| Vendors & Products | | Google; Google chrome |

Thu, 04 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) |
| Weaknesses | | CWE-457 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:05:14.918Z

Reserved: 2026-06-04T17:10:25.933Z

Link: CVE-2026-11137

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-04T23:17:19.863

Modified: 2026-06-05T15:02:59.990

Link: CVE-2026-11137

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T06:00:05Z

Weaknesses