Description
Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A recent issue in Google Chrome's XML handling lets an attacker craft a malicious HTML page that triggers heap corruption within the browser process. The vulnerability is classified as a high-impact flaw, posing a risk of arbitrary code execution or stability degradation if successfully exploited. The weakness corresponds to a heap-based buffer overflow (CWE-122).

Affected Systems

All users of the Chrome desktop stable channel running a version older than 150.0.7871.47 are vulnerable. The flaw originates in the browser's XML parsing module and can be reached by any site that serves the crafted HTML to the client.

Risk and Exploitability

Because the attack requires delivery of a specially crafted HTML page, the typical vector is a malicious website or a phishing page that a user visits. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, but its high severity and heap corruption potential mean the risk is still significant. No public exploit has been reported in the supplied data, but the possibility of exploitation exists until a patch is applied.

Generated by OpenCVE AI on July 1, 2026 at 00:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to the latest available version (≥150.0.7871.47) to incorporate the XML parsing fix.
  • Enable automatic updates on the system to receive subsequent security patches without manual intervention.
  • As a temporary measure, restrict JavaScript execution on untrusted sites or employ browser extensions that block legacy XML parsing.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 01:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Heap Corruption via Inadequate XML Handling in Chrome |
| Weaknesses | | CWE-122 |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:50.705Z

Reserved: 2026-06-29T23:03:29.523Z

Link: CVE-2026-13835

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T00:45:15Z

Weaknesses
  • CWE-122: Heap-based Buffer Overflow