Description
Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is an uninitialized variable in ANGLE, the graphics acceleration component of Chrome for Windows. A malformed HTML page can trigger the bug, causing the browser to expose data that belong to a different origin. This vulnerability maps to CWE‑457, an uninitialized variable issue, and allows a remote attacker to retrieve cross‑origin information, potentially compromising confidentiality but not executing code or altering system state.

Affected Systems

Google Chrome users running the Windows stable release before 149.0.7827.53 are affected. The issue is confined to the ANGLE rendering engine that powers GPU‑accelerated rendering in Chrome on Windows. All desktop installations of those versions must be considered at risk.

Risk and Exploitability

An attacker would need to supply a crafted web page to a victim's browser; no additional privileges or local access are required. The severity reported by Chromium is low, and the exploit probability is not quantified (EPSS not available) and the vulnerability is not listed in CISA's KEV catalog. Because the symptom is data leakage rather than code execution, the overall risk level for typical users is moderate, but systems that handle highly sensitive cross‑origin data should still treat the issue with urgency.

Generated by OpenCVE AI on June 5, 2026 at 00:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.53 or later on all Windows machines.
  • For environments that cannot update immediately, configure group policy or management tools to enforce automatic rollout of Chrome updates as soon as they are available.
  • If ANGLE usage must be avoided for the interim, disable GPU rasterization or ANGLE via Chrome policies such as GPURasterizationEnabled set to 0.

Generated by OpenCVE AI on June 5, 2026 at 00:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
Title ANGLE Uninitialized Use Causing Cross‑Origin Data Leakage in Chrome on Windows

Thu, 04 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Description Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Weaknesses CWE-457
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:06:11.540Z

Reserved: 2026-06-04T17:11:10.231Z

Link: CVE-2026-11268

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-05T00:17:03.760

Modified: 2026-06-05T00:17:03.760

Link: CVE-2026-11268

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T01:00:15Z

Weaknesses