Description
Out of bounds read in Layout in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds read flaw in the Layout component of Google Chrome allows a remote attacker to use a crafted HTML page to read arbitrary data from the browser process’s memory. The vulnerability can cause disclosure of sensitive information, potentially including user secrets, credentials, or cryptographic keys. The weakness is improper input validation that lets an attacker read beyond allocated buffers, leading to information leakage.

Affected Systems

Google Chrome browsers built on the Chromium engine whose versions are older than 150.0.7871.47 are affected. No specific builds or platforms are excluded in the advisory; all desktop operating systems that run the vulnerable browser should be considered at risk.

Risk and Exploitability

The advisory lists the issue as medium severity. EPSS data is not available, and the vulnerability is not in the CISA KEV catalog, so the public exploitation probability is unknown. The attack requires delivering a crafted HTML page to the victim, which could be accomplished via a malicious website or phishing email. If an attacker succeeds, they can read from the browser’s memory, leading to a potential compromise of user information. No public exploits have been reported, and applying the vendor’s patch mitigates the risk.

Generated by OpenCVE AI on July 1, 2026 at 01:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or later
  • Enable automatic updates for Chrome to ensure future fixes are applied
  • Restart the browser or reboot the system so that all running processes use the updated binaries


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Wed, 01 Jul 2026 02:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-125; CWE-787
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 01:30:00 +0000

Type | Values Removed | Values Added
Title | | Out-of-Bounds Read in Chrome Layout Component Allows Remote Memory Disclosure
Weaknesses | | CWE-20

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Out of bounds read in Layout in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:18:10.523Z

Reserved: 2026-06-29T23:03:39.079Z

Link: CVE-2026-13873

Vulnrichment

Updated: 2026-07-01T01:05:59.323Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T08:45:15Z

Weaknesses