Description
Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: High)
Published: 2026-06-17
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds read exists in the Chromoting component of Google Chrome on Windows. When a local user opens a specially crafted file, the browser may read beyond intended memory boundaries, exposing potentially sensitive data from process memory. This flaw corresponds to CWE‑125 and represents a medium‑severity vulnerability as reflected in the CVSS score of 5.5.

Affected Systems

Versions of Google Chrome on Windows prior to 149.0.7827.155 are affected. The Chrome update to 149.0.7827.155 in the stable channel removes the flaw.

Risk and Exploitability

The EPSS score is less than 1 % and the vulnerability is not listed in the CISA KEV catalog, indicating a low likelihood of widespread exploitation. The attack requires local access to the affected system and a malicious file; therefore, the risk is confined to users who inadvertently open such a file.

Generated by OpenCVE AI on June 17, 2026 at 17:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Chrome update (149.0.7827.155 or newer, the stable channel release in June 2026).
  • Ensure that only trusted files are opened and use up‑to‑date anti‑virus or sandboxing solutions to block malicious files before they reach Chrome.
  • If updating immediately is not possible, restrict user permissions or disable the Chromoting feature until a patch can be applied.


Advisories

No advisories yet.

History

Wed, 17 Jun 2026 12:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
 | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 06:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Wed, 17 Jun 2026 05:15:00 +0000

Type | Values Removed | Values Added
Description | | Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: High)
Weaknesses | | CWE-125
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-17T10:54:18.884Z

Reserved: 2026-06-16T19:38:25.763Z

Link: CVE-2026-12444

Vulnrichment

Updated: 2026-06-17T10:54:10.446Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T06:30:03Z

Weaknesses