Description
Use after free in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Medium)
Published: 2026-06-30
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free flaw in Chrome’s Bluetooth stack that can be triggered by a malicious peripheral. An attacker on the same local network segment can cause Chrome to read memory that is no longer valid and acquire potentially sensitive data from the process address space. The flaw does not allow arbitrary code execution, but it permits information disclosure that could aid further attacks.

Affected Systems

Google Chrome users running a version prior to 150.0.7871.47 are affected. Releases 150.0.7871.47 and later contain the fix for the vulnerable memory-handling path.

Risk and Exploitability

The flaw is rated Medium in Chromium’s security severity. Exploitation requires physical or network proximity to connect a malicious Bluetooth peripheral to the victim’s device; this is inferred from the description, as the vulnerability is accessed through a Bluetooth peripheral on the local network segment. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The local nature of the attack vector and the ability to read memory contents mean that the risk to affected users is non‑negligible and the issue should be remediated promptly.

Generated by OpenCVE AI on July 1, 2026 at 10:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later to apply the bundled fix
  • Disable the Bluetooth feature in Chrome if it is not required
  • Block or restrict Bluetooth device pairing from unfamiliar peripherals on the local network, or use network segmentation to isolate devices that might host malicious peripherals


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Google, Google chrome |
| Vendors & Products | | Google, Google chrome |

Wed, 01 Jul 2026 08:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Chrome Bluetooth use‑after‑free exposes process memory |

Wed, 01 Jul 2026 03:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Use after free in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Medium) |
| Weaknesses | | CWE-416 |
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:33:18.273Z

Reserved: 2026-06-29T23:03:40.585Z

Link: CVE-2026-13879

Vulnrichment

Updated: 2026-07-01T01:33:13.791Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T10:30:16Z

Weaknesses