Description
Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This flaw is an integer overflow in the font parsing routine of Google Chrome that can be exploited by a crafted HTML page to perform an out-of-bounds memory write. The overflow permits an attacker to overwrite arbitrary memory locations, potentially leading to remote code execution, data corruption, or denial of service. Chromium's own assessment rates the issue as medium severity. The record maps it to CWE-472, which the weakness entry on this page names as External Control of Assumed-Immutable Web Parameter; that label does not describe the integer overflow or wraparound that the description reports.

Affected Systems

Any user running Google Chrome prior to version 150.0.7871.47 on any supported operating system is potentially vulnerable. The affected releases span the stable channel of Chrome before the June 2026 patch, including older desktop and potentially mobile builds that have not yet been updated.

Risk and Exploitability

The vulnerability can be triggered by a malicious webpage that the user must load in a vulnerable Chrome instance. The required preconditions are minimal, meaning that any user who visits the crafted page could be impacted. No documented exploitation campaigns are currently known, and the flaw is not listed in the CISA Known Exploited Vulnerabilities catalog. The EPSS score is not disclosed. While the exact impact severity is not quantified in the CVE data, the potential for remote code execution or service disruption warrants timely patching.

Generated by OpenCVE AI on July 1, 2026 at 04:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later.
  • Enable automatic updates so that future security patches are applied without manual intervention.
  • As a temporary protective measure, avoid visiting untrusted web pages or use network‑level filtering to block sites that serve custom fonts until a patch is installed.

Generated by OpenCVE AI on July 1, 2026 at 04:25 UTC.


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 04:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Out‑of‑Bounds Memory Write via Font Integer Overflow in Chrome |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium) |
| Weaknesses | | CWE-472 |
| References | | |


MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:28.340Z

Reserved: 2026-06-29T23:03:56.819Z

Link: CVE-2026-13938

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T04:30:06Z

Weaknesses
  • CWE-472: External Control of Assumed-Immutable Web Parameter