Description
Inappropriate implementation in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Google Chrome’s rendering engine Dawn suffered an inappropriate implementation that allows a remote attacker to extract sensitive data from a browser process’s memory. The flaw can be triggered by a carefully crafted HTML page that runs in the victim’s browser, giving the attacker read access to memory that may contain personally identifying or privileged information. This leads to the disclosure of confidential data without impacting the integrity or availability of the system.

Affected Systems

Versions of Google Chrome prior to 150.0.7871.47 are vulnerable. Any user or system running Chrome from the stable channel before this patch is potentially affected; newer releases contain the fix.

Risk and Exploitability

The assigned severity is low, and the vulnerability is not listed in the CISA KEV catalog. No EPSS score is available, suggesting limited or unverified public exploitation risk. The attack requires delivering a malicious HTML page to the victim’s browser, indicating a remote web-based attack vector. Overall, the risk is limited to information exposure, and immediate patching is recommended to mitigate potential data leakage.

Generated by OpenCVE AI on July 1, 2026 at 01:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Chrome update (150.0.7871.47 or newer) to eliminate the memory disclosure flaw
  • Enforce Chrome update policies in enterprise environments to prevent downgrade attacks
  • Monitor web traffic and browser logs for unusual memory read patterns that could indicate exploitation attempts

Generated by OpenCVE AI on July 1, 2026 at 01:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 02:15:00 +0000

Type Values Removed Values Added
Title Chromium Dawn Memory Disclosure Vulnerability Enabling Remote Information Retrieval
Weaknesses CWE-200

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:16:12.573Z

Reserved: 2026-06-29T23:11:34.270Z

Link: CVE-2026-14061

cve-icon Vulnrichment

Updated: 2026-07-01T01:11:51.089Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T02:00:07Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-284

    Improper Access Control