Description
Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-07-08
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Inappropriate implementation in the Document Object Model of Google Chrome versions prior to 150.0.7871.115 can trigger heap corruption when a specially crafted HTML page is parsed. The corruption can lead to arbitrary code execution, data compromise, or denial of service, allowing a remote attacker to gain full control of the victim’s system. The issue is a result of insufficient bounds checking during DOM processing and has been classified as High by Chromium.

Affected Systems

Any installation of Google Chrome that is older than 150.0.7871.115 is vulnerable. This includes all platforms—Windows, macOS, Linux, and ChromeOS—where the stable channel distribution is used. No other browsers or vendors are cited, so only Chrome users of obsolete builds are at risk.

Risk and Exploitability

The CVSS score is not provided, but Chromium rated the vulnerability as High. The EPSS score is unavailable, so a precise exploitation probability cannot be calculated; however, the need to deliver a malicious HTML page indicates the attack vector is a remotely hosted webpage, email attachment, or other HTML rendering mechanism. The vulnerability is not listed in CISA KEV, implying no confirmed mass exploitation has occurred yet, but the potential for arbitrary code execution makes it a serious security concern.

Generated by OpenCVE AI on July 9, 2026 at 03:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.115 or later on all affected systems
  • Enable automatic updates so that the wallet receives the latest security patches without manual intervention
  • If an upgrade cannot be performed immediately, restrict the execution of JavaScript on untrusted sites to limit the impact of crafted HTML pages

Generated by OpenCVE AI on July 9, 2026 at 03:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 04:00:00 +0000

Type Values Removed Values Added
Title Chrome DOM Heap Corruption Exploit
Weaknesses CWE-122
CWE-416

Thu, 09 Jul 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 08 Jul 2026 23:00:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-08T22:36:03.907Z

Reserved: 2026-07-08T17:07:42.747Z

Link: CVE-2026-15123

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T03:45:03Z

Weaknesses