Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Out of bounds read in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
Out-of-bounds read in Chrome's ANGLE graphics layer on Windows exposes sensitive process memory to an attacker who has already achieved renderer compromise. Affected are all Chrome for Windows installations prior to 149.0.7827.53; macOS, Linux, Android, and iOS are not in scope per available data. No public exploit code exists and no active exploitation is confirmed - EPSS at 0.03% (11th percentile) and SSVC exploitation status of 'none' jointly indicate this is a low-priority real-world threat, functioning primarily as a post-exploitation information-disclosure step in a multi-stage browser attack chain rather than a standalone critical vulnerability.
Technical ContextAI
ANGLE (Almost Native Graphics Layer Engine) is Google's cross-platform OpenGL ES implementation embedded in Chrome that translates OpenGL calls to platform-native graphics APIs - on Windows, primarily DirectX. CWE-125 (Out-of-bounds Read) describes a memory safety flaw where a read operation accesses memory beyond the bounds of an allocated buffer. In a GPU/graphics context, this can expose arbitrary adjacent memory regions to the attacker, including data from other browser processes or sensitive in-memory state. The Windows-specific nature of this vulnerability strongly implies the flaw is in ANGLE's DirectX translation path rather than the shared OpenGL abstraction layer. Chrome's multi-process architecture places HTML rendering and GPU compositing in sandboxed renderer processes, meaning this flaw is exercised from within a pre-compromised renderer context sending malformed GPU commands through ANGLE.
RemediationAI
Update Google Chrome on Windows to version 149.0.7827.53 or later, the vendor-released patch documented at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html. Chrome's built-in auto-update mechanism will apply this silently on most consumer systems; enterprise administrators using group policy or third-party patch management should verify deployment and confirm the installed version via chrome://settings/help. As an interim compensating control before patching, enforcing Chrome's Strict Site Isolation policy (--site-per-process, which is default in modern Chrome but can be explicitly mandated via enterprise policy) limits cross-origin data accessible to a compromised renderer, reducing the value of any memory leak. Blocking access to untrusted external web content through URL filtering reduces the renderer-compromise attack surface that is a prerequisite for this flaw. No workaround eliminates the underlying out-of-bounds read; patching is the only definitive fix.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34454
GHSA-m5vx-248p-g3g7