Description
Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out-of-bounds read flaw exists in the SurfaceCapture component of Google Chrome. By loading a specially crafted HTML page, a remote attacker can trigger the flaw and read memory beyond the intended bounds, potentially exposing sensitive data. The weakness is identified as a classic out-of-bounds read and is captured by CWE-125.

Affected Systems

The vulnerability affects Google Chrome versions earlier than 150.0.7871.47. Users running any pre‑150.0.7871.47 release are susceptible unless mitigated by administrative policy or other controls.

Risk and Exploitability

Exploitation requires a user to open a malicious web page in a vulnerable Chrome version, a widely available attack vector. The flaw is classified as medium severity by Chromium security. No EPSS score is reported, and the issue is not listed in the CISA KEV catalog, indicating no confirmed public exploitation yet. However, the potential for data leakage and the lack of a robust mitigation in the vulnerable releases suggest that the risk is non‑negligible and should be addressed promptly.

Generated by OpenCVE AI on July 1, 2026 at 02:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later to resolve the out-of-bounds read defect.
  • If an update cannot be applied immediately, use administrative policies to disable or restrict the SurfaceCapture feature in Chrome where possible, thereby reducing the attack surface.
  • Continuously monitor Google’s release channels and security advisories for patch updates, and apply any subsequent fixes without delay.


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Chrome Out-of-Bounds Read via SurfaceCapture Enables Remote Memory Exposure |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) |
| Weaknesses | | CWE-125 |
| References | | |

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:55.451Z

Reserved: 2026-06-29T23:04:17.715Z

Link: CVE-2026-14011

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T02:30:16Z

Weaknesses