Description
Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A side‑channel memory leakage in the CSS processing engine of Google Chrome allows a remote attacker to read potentially sensitive data from the browser’s process memory when rendering a specially crafted HTML page. The vulnerability is a memory disclosure via side‑channel (CWE‑1300) and is listed by Chromium with a Medium severity rating. The attacker could retrieve confidential information stored in the process’s memory space through this flaw.

Affected Systems

All instances of Google Chrome running a version older than 150.0.7871.47 are vulnerable. The release notes for the stable channel identify this threshold. No specific operating‑system or environment restrictions are noted, so any host that runs a previously supported Chrome build is potentially in scope.

Risk and Exploitability

The exploit probability (EPSS) score is not available and the flaw is not listed in the CISA KEV catalog, indicating no known active exploitation at present. Nevertheless, the medium severity rating from Chromium indicates a risk of data exposure if a remote attacker can deliver the crafted page. Defensive measures are recommended.

Generated by OpenCVE AI on July 1, 2026 at 05:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to the latest stable release (150.0.7871.47 or newer).
  • Restrict the use of custom CSS in untrusted contexts, for example by applying a Content‑Security‑Policy that disallows style injection or by configuring Chrome extensions to block arbitrary styles.
  • Monitor Chrome logs and user activity for anomalous memory access patterns or errors that could indicate side‑channel exploitation.

Generated by OpenCVE AI on July 1, 2026 at 05:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 04:30:00 +0000

Type Values Removed Values Added
Title CSS Side-Channel Memory Leakage in Google Chrome

Wed, 01 Jul 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-1300
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:20:22.613Z

Reserved: 2026-06-29T23:04:17.961Z

Link: CVE-2026-14012

cve-icon Vulnrichment

Updated: 2026-07-01T01:20:16.075Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T05:30:17Z

Weaknesses
  • CWE-1300

    Improper Protection of Physical Side Channels