Description
Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-05-06
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an inappropriate implementation in the V8 engine of Google Chrome, allowing a remote attacker to read potentially sensitive data from process memory through a crafted HTML page. This flaw results in information disclosure and is typically triggered when the user visits a malicious web page constructed by the attacker. The flaw falls under CWE-200, an information exposure weakness, and the likely attack vector is a remote web page delivered via the browser.

Affected Systems

The affected product is Google Chrome on any build prior to version 148.0.7778.96. Only these older releases contain the unpatched implementation that permits the memory disclosure.

Risk and Exploitability

Chromium labels the issue as low severity, with a CVSS score of 4.3, there is no EPSS data available and the vulnerability is not listed in the CISA KEV catalog. The exploit requires user interaction with a malicious web page and does not provide code execution or privilege escalation. Based on the provided metrics, the practical risk is considered low to moderate, with exploitation unlikely to be widespread.

Generated by OpenCVE AI on May 7, 2026 at 00:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 148.0.7778.96 or later, ensuring the latest security patches are installed
  • Configure Chrome or the system’s update policies to automatically apply security updates, preventing future regressions
  • If a manual update is not possible, consider using an alternative browser that does not include the vulnerable V8 implementation

Generated by OpenCVE AI on May 7, 2026 at 00:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 01:15:00 +0000

Type Values Removed Values Added
Title V8 Exploit Enabling Remote Memory Disclosure in Chrome

Wed, 06 May 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 06 May 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 06 May 2026 21:15:00 +0000

Type Values Removed Values Added
Title V8 Exploit Enabling Remote Memory Disclosure in Chrome
Weaknesses CWE-200

Wed, 06 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-06T21:49:00.986Z

Reserved: 2026-05-05T22:59:31.508Z

Link: CVE-2026-7999

cve-icon Vulnrichment

Updated: 2026-05-06T21:24:48.954Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-06T19:16:50.833

Modified: 2026-05-06T22:16:43.680

Link: CVE-2026-7999

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T01:00:14Z

Weaknesses