Description
Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an uninitialized use of a variable within the Dawn rendering engine of Google Chrome. A remote attacker can craft an HTML page that triggers this flaw, potentially causing heap corruption in the browser process. Heap corruption could lead to arbitrary code execution or other severe impacts if the exploit is fully developed. The weakness is classified as CWE‑457.

Affected Systems

All releases of Google Chrome prior to version 150.0.7871.47 are affected. The issue exists in any platform that uses the Dawn rendering engine within Chrome. Clients running earlier Chrome versions are at risk.

Risk and Exploitability

Chromium rates the severity of this flaw as high. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog, indicating no widely known exploitation yet. However, the flaw requires only a crafted HTML page, which can be delivered over the web, making it potentially exploitable by remote attackers. Given the high impact of heap corruption and the lack of a public exploit, the risk remains significant until the vendor releases a fix.

Generated by OpenCVE AI on July 1, 2026 at 01:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later to apply the uninitialized‑use fix.
  • If an update cannot be applied immediately, restrict exposure to untrusted web content by enforcing content‑security policies that limit the rendering of arbitrary HTML pages in Chrome.
  • Monitor Google releases for additional security updates and apply them promptly.

Generated by OpenCVE AI on July 1, 2026 at 01:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:15:00 +0000

Type Values Removed Values Added
Title Uninitialized Use in Dawn Rendering Engine Allows Heap Corruption in Chrome

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-457
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:47.066Z

Reserved: 2026-06-29T23:03:26.979Z

Link: CVE-2026-13825

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T02:00:07Z

Weaknesses
  • CWE-457

    Use of Uninitialized Variable