Description
Out of bounds read in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via malicious network traffic. (Chromium security severity: Low)
Published: 2026-06-30
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves an out‑of‑bounds read in the Chromecast component of Google Chrome. A local attacker can craft malicious network traffic that triggers the read and exposes sensitive information from the browser’s process memory. This results in information disclosure, but does not grant code execution or modify data.

Affected Systems

Users of Google Chrome versions older than 150.0.7871.47 are affected. The issue was fixed in release 150.0.7871.47 and later.

Risk and Exploitability

No CVSS score is supplied, but the Chromium security severity is listed as Low. EPSS data is not available, indicating limited information on exploitation likelihood. The vulnerability is local and requires the attacker to have access to the user’s machine or to be able to influence network traffic that reaches the Chrome process. It is not listed in the CISA KEV catalog, so no known widespread exploitation is reported.

Generated by OpenCVE AI on July 1, 2026 at 01:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or later.
  • Ensure Chrome’s automatic update feature is enabled so that future security fixes are applied promptly.
  • If an immediate upgrade is not possible, restrict network traffic that may reach the Chromecast functionality, such as blocking Chromecast UDP ports or disabling the Chromecast feature in Chrome settings.


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 07:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Wed, 01 Jul 2026 02:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-125; CWE-787
Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 02:15:00 +0000

Type | Values Removed | Values Added
Title | | Chromium Out-of-Bounds Read in Chromecast Allows Local Memory Disclosure
Weaknesses | | CWE-20; CWE-788

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Out of bounds read in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via malicious network traffic. (Chromium security severity: Low)
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:31:34.966Z

Reserved: 2026-06-29T23:11:34.671Z

Link: CVE-2026-14063

Vulnrichment

Updated: 2026-07-01T01:19:04.763Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T07:30:06Z

Weaknesses
  • CWE-125

    Out-of-bounds Read

  • CWE-20

    Improper Input Validation

  • CWE-787

    Out-of-bounds Write

  • CWE-788

    Access of Memory Location After End of Buffer