Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
Out-of-bounds read in Chrome's Dawn WebGPU subsystem (versions prior to 149.0.7827.53) allows unauthenticated remote attackers to read arbitrary memory contents by tricking a user into visiting a crafted HTML page. The vulnerability carries a CVSS 6.5 (Medium) with high confidentiality impact and no integrity or availability impact, indicating targeted data-disclosure potential rather than code execution. EPSS is 0.03% (11th percentile) and the vulnerability is not listed in the CISA KEV catalog - no public exploit has been identified at time of analysis.
Technical ContextAI
Dawn is Google's open-source WebGPU implementation, serving as Chrome's graphics API abstraction layer between web content and GPU hardware. CWE-125 (Out-of-bounds Read) occurs when code reads data outside the boundaries of an allocated memory buffer, potentially exposing adjacent heap or stack content - including pointers, session data, or cross-origin material - to the caller. In a browser GPU process context, such leaks can surface sensitive runtime state accessible to attacker-controlled JavaScript. The CVSS network attack vector (AV:N) reflects that the vulnerability is triggered entirely through web content delivery without requiring local system access. No CPE strings were included in the source data; affected scope is derived from the EUVD entry and NVD description.
RemediationAI
The primary remediation is upgrading Google Chrome to version 149.0.7827.53 or later, as detailed in the stable channel desktop update advisory at http://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html. For most end users, Chrome's built-in automatic update mechanism will apply this fix; users should verify their installed version via chrome://settings/help. Enterprise administrators should enforce the update through Google Admin Console or applicable group policies and confirm deployment via fleet management tooling. If immediate patching is operationally blocked, restricting or disabling WebGPU access via Chrome enterprise policy (e.g., setting WebGPU-related flags to disabled) may reduce exposure to the Dawn attack surface, though this carries the trade-off of breaking WebGPU-dependent web applications. No additional vendor-specified workarounds were included in the available advisory data.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, a
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, do
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34455
GHSA-pfjw-jj6c-rrv7