Description
Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A remote attacker can exploit insufficient policy enforcement in Chrome’s Bluetooth implementation to read process memory through a crafted web page. The flaw allows access to potentially sensitive data, compromising confidentiality. The weakness is a classic information-exposure flaw.

Affected Systems

Google Chrome browsers with versions prior to 150.0.7871.47 are affected. Users of older Chrome releases who have not applied the latest update are at risk.

Risk and Exploitability

Chromium rates the vulnerability as low severity, and no EPSS score is available. It is not listed in the CISA KEV catalog. Exploitation requires the attacker to host a web page and convince the victim to visit it while Bluetooth is enabled. No public exploit or commercial tool has been reported, but a memory disclosure is possible for any user who visits a malicious page while Bluetooth is active.

Generated by OpenCVE AI on July 1, 2026 at 02:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or later.
  • If an update cannot be applied immediately, disable the Bluetooth feature in Chrome or at the operating‑system level to eliminate the code path that can leak memory.
  • After disabling or updating, continue to monitor user activity for signs of suspicious webpage access or anomalous memory reads.


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:30:00 +0000

Type | Values Removed | Values Added
Title | | Chrome Bluetooth Policy Enforcement Flaw Exposing Process Memory
Weaknesses | | CWE-200, CWE-284
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
 | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
References | |


MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:16:41.364Z

Reserved: 2026-06-29T23:11:28.837Z

Link: CVE-2026-14035

Vulnrichment

Updated: 2026-07-01T01:10:31.196Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T02:15:07Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-284

    Improper Access Control