Description
Inappropriate implementation in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Enterprise build of Google Chrome prior to 150.0.7871.47 allows a remote attacker to read data from the browser's process memory when a crafted HTML page is loaded. The vulnerability can expose potentially sensitive information, and Chromium's security team rates it as high severity. No CVSS score is available, but the flaw is clearly an information-exposure weakness per CWE-200.

Affected Systems

Google Chrome Enterprise users running any Chrome version older than 150.0.7871.47 are affected. The issue does not apply to later releases that incorporate the fix.

Risk and Exploitability

The attack vector appears to be a malicious or compromised web page that delivers the crafted content to the victim's browser. Because the flaw is triggered by HTML parsing, a remote attacker can target any machine on which Chrome renders an untrusted or uncontrolled web page. The exploit does not depend on local user actions beyond visiting the page, and the vulnerability is a high-severity memory disclosure. No EPSS score is available, and the vulnerability is not currently listed in CISA's KEV catalog.

Generated by OpenCVE AI on July 1, 2026 at 00:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later on all enterprise installations
  • Configure enterprise Chrome update policies to enforce automatic roll‑outs of the latest security update
  • Implement web‑content filtering and monitoring to block or alert on malicious or suspicious HTML files before they reach users


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-284
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 01:00:00 +0000

Type | Values Removed | Values Added
Title | | Chrome Enterprise Memory Disclosure via Crafted HTML Page
Weaknesses | | CWE-200

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Inappropriate implementation in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:28:50.188Z

Reserved: 2026-06-29T23:03:27.710Z

Link: CVE-2026-13828

Vulnrichment

Updated: 2026-07-01T01:28:41.837Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T00:45:15Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-284

    Improper Access Control