Description
Inappropriate implementation in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper GPU handling routine in Chrome allows an attacker who has already compromised the renderer process to read sensitive data from that process’s memory via a specially crafted HTML page. The flaw effectively exposes confidential information that resides in memory, beyond the intended boundaries of the renderer sandbox, and can be exploited only when the attacker already has control over the renderer.

Affected Systems

All installations of Google Chrome older than version 150.0.7871.47 are affected. This includes the stable channel on Windows, macOS, Linux, and Chrome OS. No specific operating‑system restriction is documented in the advisory.

Risk and Exploitability

The CVE was rated as low severity by Chromium. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a local compromise of the renderer process; thus the overall risk is limited and the typical attacker would need to inject malicious content that already jumps and hijacks the renderer. The likelihood of a large‑scale public exploitation is consequently low.

Generated by OpenCVE AI on July 1, 2026 at 02:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or newer.
  • Enable automatic updates to receive the fix as soon as it rolls out.
  • If an update cannot be applied immediately, consider disabling GPU acceleration for Chrome using the "--disable-gpu" command‑line flag or the corresponding enterprise policy.

Generated by OpenCVE AI on July 1, 2026 at 02:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:30:00 +0000

Type Values Removed Values Added
Title GPU Memory Leakage via Renderer Process in Google Chrome
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:16:26.962Z

Reserved: 2026-06-29T23:11:31.821Z

Link: CVE-2026-14049

cve-icon Vulnrichment

Updated: 2026-07-01T01:11:08.245Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T02:15:07Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor