Description
Inappropriate implementation in Input in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Input component of Chrome for Linux in releases before version 150.0.7871.47. A crafted HTML page can cause the browser to leak potentially sensitive data from its process memory. The flaw is an inappropriate implementation in Input that allows a remote attacker to read portions of the process memory, exposing confidential information to the attacker.

Affected Systems

Google Chrome on Linux in versions earlier than 150.0.7871.47 is affected. Users running a stable-channel build prior to this update are at risk; version 150.0.7871.47 and later releases are not impacted.

Risk and Exploitability

Chromium rates the CVE as High severity. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog, indicating a moderate but still significant risk. The likely attack vector is remote: a malicious web page is served to a victim's Chrome instance, so the attacker must convince the user to navigate to this page or get the page loaded in the victim's browser during an active network session. No prerequisites beyond the presence of a vulnerable Chrome version are stated.

Generated by OpenCVE AI on July 1, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 150.0.7871.47 or later and install all subsequent updates
  • Ensure automatic updates are enabled for Chrome so that any future critical patches are received without manual intervention
  • Configure Chrome's security settings to use site isolation and content security policy to reduce the impact of any memory disclosure and limit access to sensitive APIs


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
 | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 02:15:00 +0000

Type | Values Removed | Values Added
Title | | Chrome Linux Input Handling Vulnerability Allows Process Memory Disclosure
Weaknesses | | CWE-200

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Inappropriate implementation in Input in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:18:27.057Z

Reserved: 2026-06-29T23:03:23.291Z

Link: CVE-2026-13810

Vulnrichment

Updated: 2026-07-01T01:05:10.725Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T02:00:07Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor