Description
Out of bounds read in Extensions in Google Chrome on Linux prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)
Published: 2026-06-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out-of-bounds read in the extension handling code of Google Chrome on Linux. An attacker who persuades a user to install a crafted extension can read sensitive data from the browser process memory, leading to disclosure of confidential information. The record maps the weakness to CWE-122 (heap-based buffer overflow) and CWE-125 (out-of-bounds read).

Affected Systems

Google Chrome running on Linux is affected. Versions prior to 149.0.7827.53 are vulnerable; no further version details are provided.

Risk and Exploitability

The flaw does not allow remote code execution; the attacker must supply a malicious extension and persuade the user to install it. Because exploitation requires social engineering, the risk is moderate. The EPSS score is less than 1%, indicating a very low but non-zero likelihood of exploitation, and the vulnerability is not listed in CISA KEV. The CVSS score is 6.5 (Medium).

Generated by OpenCVE AI on June 7, 2026 at 16:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.53 or newer
  • Remove extensions that are unfamiliar or from unverified sources
  • Enable Chrome’s Safe Browsing features to block potentially dangerous extensions



Advisories

Source | ID | Title
Debian DSA | DSA-6325-1 | chromium security update

History

Mon, 08 Jun 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*; cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel

Sun, 07 Jun 2026 12:15:00 +0000

Type | Values Removed | Values Added
Title | Out-of-Bounds Read in Chrome Linux Extensions Enables Sensitive Data Disclosure | chromium-browser: Heap buffer overflow in Extensions
Weaknesses | | CWE-125
References | |
Metrics | threat_severity: None | threat_severity: Moderate

Sat, 06 Jun 2026 06:15:00 +0000

Type | Values Removed | Values Added
Title | | Out-of-Bounds Read in Chrome Linux Extensions Enables Sensitive Data Disclosure

Sat, 06 Jun 2026 04:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 05 Jun 2026 05:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Out of bounds read in Extensions in Google Chrome on Linux prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)
Weaknesses | | CWE-122
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-08T18:42:27.612Z

Reserved: 2026-06-04T17:10:28.164Z

Link: CVE-2026-11143

Vulnrichment

Updated: 2026-06-06T03:35:31.147Z

NVD

Status: Modified

Published: 2026-06-04T23:17:20.537

Modified: 2026-06-08T19:16:40.310

Link: CVE-2026-11143

Redhat

Severity: Moderate

Public Date: 2026-06-02T00:00:00Z

Links: CVE-2026-11143 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-07T16:15:03Z

Weaknesses