Description
Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-11
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an out-of-bounds read in the VideoCapture feature of Google Chrome that allows a remote attacker who has already compromised the GPU process to read arbitrary memory in the process. The attacker can feed a specially crafted HTML page to trigger the memory read, potentially exposing sensitive data. It is classified as Memory Access Violation (CWE-125) and is rated as high severity.

Affected Systems

Affected versions are all stable-channel releases of Google Chrome before 149.0.7827.115, which include the problematic VideoCapture code. Users running those versions on any platform that enables GPU acceleration are vulnerable.

Risk and Exploitability

The exploit requires the attacker to first gain control of the GPU process, a step that is non-trivial and may limit real-world exploitation. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog. Still, because the flaw can leak data and has a high CVSS rating, administrators should treat it as a significant risk until patched.

Generated by OpenCVE AI on June 11, 2026 at 22:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.115 or later.
  • Install all available security updates for Chrome immediately.
  • If an immediate update is not possible, disable GPU acceleration or block the VideoCapture API using browser policy to prevent the memory read.

Generated by OpenCVE AI on June 11, 2026 at 22:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 11 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Chrome VideoCapture Out‑of‑Bounds Read Vulnerability
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 11 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-125
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-12T01:01:01.214Z

Reserved: 2026-06-11T18:16:08.901Z

Link: CVE-2026-12033

cve-icon Vulnrichment

Updated: 2026-06-12T01:00:52.702Z

cve-icon NVD

Status : Received

Published: 2026-06-11T22:16:55.880

Modified: 2026-06-12T02:16:41.930

Link: CVE-2026-12033

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T22:45:05Z

Weaknesses