Description
Side-channel information leakage in ComputePressure in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Side‑channel information leakage in the ComputePressure module of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to leak data across origins through a specially crafted HTML page. The flaw can disclose sensitive information compromising confidentiality. The Chromium project rates this vulnerability as medium severity.

Affected Systems

Google Chrome browsers. Users running any older stable or beta channel build could be exposed to this leakage unless they upgrade to the patched version.

Risk and Exploitability

The exploit requires the victim to open a crafted web page in Chrome. While the EPSS score is currently unavailable and the vulnerability is not listed in the CISA KEV catalog, the medium severity rating and the potential for cross‑origin data leakage suggest that the risk is non‑negligible. Attackers would need only the victim’s browser session; there is no known requirement for elevated privileges or additional footholds. The vulnerability could be leveraged in a drive‑by‑download scenario, making it remotely exploitable.

Generated by OpenCVE AI on July 1, 2026 at 01:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Google Chrome version 150.0.7871.47 or later to remove the ComputePressure side‑channel flaw
  • Configure Chrome to automatically install the latest security updates to ensure the patch is applied as soon as it is available
  • If upgrading is not immediately possible, consider disabling JavaScript or content scripts in tabs that do not require cross‑origin interaction until the update is applied

Generated by OpenCVE AI on July 1, 2026 at 01:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Side-channel information leakage in ComputePressure in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-1300
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:27.245Z

Reserved: 2026-06-29T23:03:56.116Z

Link: CVE-2026-13935

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T01:30:17Z

Weaknesses
  • CWE-1300

    Improper Protection of Physical Side Channels