Description
Integer overflow in WebNN in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow in the WebNN API of Google Chrome can be triggered by loading a maliciously crafted HTML page. The overflow allows the browser to read arbitrary data from its process memory, potentially exposing sensitive information such as credentials, tokens, or other secrets. The flaw is categorized as CWE-472 and carries a CVSS score of 6.5, indicating a moderate‑severity risk in the Chromium security model.

Affected Systems

Google Chrome versions prior to 150.0.7871.47 are impacted. No other vendors or products are listed.

Risk and Exploitability

The vulnerability is not listed in the CISA KEV catalog and its EPSS score is not available, so exploitation likelihood is not quantified. The attack requires a remote user to open a malicious page in Chrome; no privileged escalation is needed. Because it leaks memory contents, an attacker could harvest sensitive data from the browser process.

Generated by OpenCVE AI on July 1, 2026 at 15:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later
  • If an immediate update is not possible, disable the WebNN API via flags or extensions to prevent the overflow from being triggered
  • Enforce strict content‑security policies and avoid loading untrusted web content

Generated by OpenCVE AI on July 1, 2026 at 15:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 16:00:00 +0000

Type Values Removed Values Added
Title Integer Overflow in WebNN Allows Remote Information Disclosure in Google Chrome

Wed, 01 Jul 2026 11:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in WebNN Allows Remote Information Disclosure in Google Chrome

Wed, 01 Jul 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 01 Jul 2026 07:30:00 +0000

Type Values Removed Values Added
Title Integer Overflow in WebNN Allows Memory Information Leak

Wed, 01 Jul 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 02:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in WebNN Allows Memory Information Leak

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Integer overflow in WebNN in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Weaknesses CWE-472
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:19:43.037Z

Reserved: 2026-06-29T23:11:35.878Z

Link: CVE-2026-14069

cve-icon Vulnrichment

Updated: 2026-07-01T01:19:39.335Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T15:45:06Z

Weaknesses
  • CWE-472

    External Control of Assumed-Immutable Web Parameter