Description
Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-24
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an uninitialized use in the GPU component of Google Chrome, identified as CWE-457. A remote attacker who has already compromised a renderer process can read sensitive data from process memory when a crafted HTML page is loaded. The impact is information disclosure that could reveal confidential data to the attacker.

Affected Systems

Google Chrome versions prior to 149.0.7827.197 are affected. This includes all stable channel releases before that build number.

Risk and Exploitability

Chromium rates the flaw as High severity, while the CVSS 3.1 base score on this record is 5.3 (Medium), with high attack complexity and required user interaction (AC:H, UI:R). No EPSS score is available, and the flaw is not listed in the CISA KEV catalog. The likely attack vector is a remote web page that the user loads; the attacker must already have compromised the renderer process and can then gather memory contents. No official workaround is provided, so the primary mitigation is to update the browser to the fixed version.

Generated by OpenCVE AI on June 24, 2026 at 20:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.197 or later as released by Google.
  • If an immediate update is not possible, configure Chrome to automatically update or use enterprise update policies to receive the patch as soon as it is available.
  • Disable hardware acceleration in Chrome settings to reduce GPU usage until the patch is applied, which may mitigate exploitation risk for the interim.



Advisories

No advisories yet.

History

Wed, 24 Jun 2026 20:45:00 +0000

Type: Title
Values Removed:
Values Added: Uninitialized GPU Memory Use Enables Remote Information Disclosure

Wed, 24 Jun 2026 20:30:00 +0000

Type: Metrics
Values Removed:
Values Added:
cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 19:15:00 +0000

Type: Description
Values Removed:
Values Added: Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Type: Weaknesses
Values Removed:
Values Added: CWE-457

Type: References


MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-24T19:28:29.512Z

Reserved: 2026-06-23T17:14:08.528Z

Link: CVE-2026-13023

Vulnrichment

Updated: 2026-06-24T19:28:06.376Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T20:30:04Z

Weaknesses
  • CWE-457: Use of Uninitialized Variable