Description
Out of bounds read in Codecs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out-of-bounds read in the Codecs component of Google Chrome allowed a remote attacker to obtain potentially sensitive data from process memory through a specially crafted HTML page. The weakness is classified as CWE-125 (Out-of-bounds Read); it exposes memory contents that should not be readable, so the impact is on confidentiality.

Affected Systems

Google Chrome versions prior to 150.0.7871.47 are affected. Any installation of the affected browser running on any operating system can be exploited if the user visits a malicious site containing a crafted page.

Risk and Exploitability

The vulnerability is rated medium severity, and no EPSS data is currently available. It is not listed in the CISA KEV catalog. The attack vector is remote and requires the user to load a crafted HTML page in the browser. Exploitation requires no additional privileges and no user interaction beyond visiting the malicious page.

Generated by OpenCVE AI on July 1, 2026 at 01:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or later.
  • Ensure that automatic updates are enabled so future fixes are applied without manual intervention.
  • Periodically review installed browser versions and confirm they match the latest stable release to mitigate similar memory corruption vulnerabilities.



Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 02:00:00 +0000

Type | Values Removed | Values Added
Title | | Out of Bounds Read in Chrome Codecs Allows Retrieval of Sensitive Process Memory via Crafted HTML Page

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Out of bounds read in Codecs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses | | CWE-125
References | |


MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:32:36.457Z

Reserved: 2026-06-29T23:03:49.013Z

Link: CVE-2026-13906

Vulnrichment

Updated: 2026-07-01T01:32:31.951Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T01:45:06Z

Weaknesses