Description
Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a race condition within the WebRTC component of Google Chrome A crafted HTML page can trigger the race, causing the browser to leak cross‑origin data. The effect is a breach of confidentiality, classified as a medium severity issue by Chromium.

Affected Systems

Affected users are those running Google Chrome on Windows with a version earlier than 150.0.7871.47. This includes the stable channel before the update released on 17 June 2026. Only Windows installations are impacted because the flaw occurs in the Windows build of the browser.

Risk and Exploitability

The EPSS score is not available and the vulnerability has not been listed in CISA KEV, but the Chrome documentation tags it as medium severity. An attacker can exploit the flaw by hosting a malicious web page that a victim visits, triggering the race and capturing data from other origins. The risk to confidentiality is significant, especially for users accessing sensitive information.

Generated by OpenCVE AI on July 1, 2026 at 02:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Chrome update (150.0.7871.47 or newer).
  • If an update cannot be applied immediately, temporarily disable WebRTC by setting the chrome flag chrome://flags/#enable-webrtc to Disabled or using an extension that blocks WebRTC.
  • Apply strict Content‑Security‑Policy headers and enforce same‑origin policy to limit cross‑origin data exposure.

Generated by OpenCVE AI on July 1, 2026 at 02:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:45:00 +0000

Type Values Removed Values Added
Title WebRTC Race Condition Allows Cross-Origin Data Leak in Chrome
Weaknesses CWE-200
CWE-665

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:56.928Z

Reserved: 2026-06-29T23:04:18.693Z

Link: CVE-2026-14015

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T02:30:16Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-665

    Improper Initialization