Description
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a memory leak exposed by DevTools in Google Chrome versions prior to 149.0.7827.53. A remote attacker, after having already compromised the renderer process, can craft a malicious HTML page that causes the renderer to read arbitrary memory addresses. The read data could contain sensitive information such as cookies, tokens, or local credentials, thereby enabling eavesdropping or other information‑exfiltration attacks. The severity has been classified as low by Chromium, reflecting the requirement of a prior renderer compromise and the limited scope of the exposed data.

Affected Systems

Google Chrome browsers running versions earlier than 149.0.7827.53 are affected. The issue specifically resides in the DevTools component of the renderer process. No other vendors or products are listed as impacted.

Risk and Exploitability

Although the EPSS score is unavailable and the vulnerability is not cataloged in CISA KEV, the exploitation path requires an attacker to first compromise the renderer process and then serve a crafted HTML page that interacts with DevTools. The low severity rating suggests a narrow window of exploitation, but any compromise of the renderer can lead to unauthorized memory reads. The risk is moderate for systems where Chrome is exposed to untrusted web content and where renderer process isolation is not fully enforced.

Generated by OpenCVE AI on June 5, 2026 at 00:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to build 149.0.7827.53 or later.
  • If an update is not immediately possible, consider disabling DevTools in the affected browsers or restricting renderer process privileges to limit memory access.
  • Monitor browser logs for unauthorized memory reads or unexpected DevTools activity.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 01:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Fri, 05 Jun 2026 00:45:00 +0000

Type | Values Removed | Values Added
Title | | Info Disclosure via Process Memory Leak in Chrome DevTools
Weaknesses | | CWE-200

Thu, 04 Jun 2026 23:45:00 +0000

Type | Values Removed | Values Added
Description | | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:06:03.400Z

Reserved: 2026-06-04T17:11:04.352Z

Link: CVE-2026-11250

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-05T00:17:01.483

Modified: 2026-06-05T00:17:01.483

Link: CVE-2026-11250

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T01:30:25Z

Weaknesses