Severity by source
Sources disagree (Low–High)AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
AnalysisAI
Privilege escalation in Google Chrome's ImageCapture component before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape sandbox boundaries via a crafted HTML page. The flaw was reported by Google's internal security team and is rated medium-low by Chromium itself despite the 7.5 CVSS score, and no public exploit identified at time of analysis. SSVC indicates no known exploitation but total technical impact if successfully chained.
Technical ContextAI
ImageCapture is a Chromium Web API (part of the MediaStream specification) that lets web pages capture still images and access advanced camera controls from a video track. The vulnerability is classified as CWE-269 (Improper Privilege Management), meaning the ImageCapture implementation fails to correctly enforce the privilege boundary between the renderer (the sandboxed process that handles untrusted web content) and higher-privileged browser components. Because Chrome's security model treats the renderer as untrusted, a bug here is typically chained after a separate renderer-RCE primitive to break out of the sandbox, expanding what an already-compromised renderer can do.
RemediationAI
Vendor-released patch: Google Chrome 149.0.7827.53 - upgrade to this version or later on the Stable channel by allowing Chrome's auto-update to complete and restarting the browser, per the advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html and the upstream issue at https://issues.chromium.org/issues/502493950. Downstream Chromium-based browsers should be updated once their vendors ship the merged fix. As a compensating control until patched, administrators can disable camera/MediaStream access via enterprise policy (VideoCaptureAllowed=false or site-scoped DefaultMediaStreamSetting), which blocks the ImageCapture attack surface but breaks legitimate webcam-based applications like video conferencing; this is only a partial mitigation because the bug requires a pre-existing renderer compromise, so prioritizing patching of any other renderer-RCE Chrome vulnerabilities is equally important.
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allVendor StatusVendor
SUSE
Severity: Important| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34757
GHSA-vx83-xm6h-8qjw