Description
Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow flaw in the Chromecast component of Google Chrome allows a local attacker to craft malicious network traffic that causes a signed integer overflow during data processing. The overflow corrupts a pointer calculation, enabling arbitrary code execution within the scope of the Chrome process, which can result in privilege escalation or system compromise. This vulnerability aligns with CWE-122: Heap-based Buffer Overflow.

Affected Systems

All versions of Google Chrome released before 150.0.7871.47 on any supported platform are vulnerable. The flaw exists in the Chromecast module embedded within the browser, affecting users who have Chrome enabled on their local machines.

Risk and Exploitability

The EPSS score is not available, and the CVSS value is not reported; the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack likely requires a local attacker who can direct malicious network traffic to the vulnerable Chrome instance, triggering the integer overflow during the rendering process. While the potential impact of local code execution is significant, the lack of exploitation data and absence of a KEV listing mean the current exploitation likelihood is uncertain. Users should not assume the flaw has been weaponized, but any local code execution vulnerability warrants caution until a patch is applied.

Generated by OpenCVE AI on July 1, 2026 at 01:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Chrome version 150.0.7871.47 or newer to eliminate the integer overflow bug.
  • Disable or block the Chromecast component’s network traffic if an upgrade is not immediately possible, for example by adjusting firewall rules or disabling the extension that enables Chromecast functionality.
  • Continuously monitor browser activity for anomalous execution patterns that might indicate an attempt to exploit the vulnerability.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:00:00 +0000

Type | Values Removed | Values Added
Title | | Integer Overflow in Chromecast Component Leading to Local Code Execution

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Medium)
Weaknesses | | CWE-122
References | |

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:08.551Z

Reserved: 2026-06-29T23:03:41.808Z

Link: CVE-2026-13884

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T01:45:06Z

Weaknesses
  • CWE-122: Heap-based Buffer Overflow