Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
AnalysisAI
Integer overflow in Google Chrome's Fonts component (versions prior to 149.0.7827.53) enables remote attackers to read out-of-bounds process memory, potentially leaking sensitive in-memory data such as credentials or tokens. Exploitation is constrained by a mandatory user-interaction requirement - a victim must visit a specially crafted HTML page - and Chromium's own severity rating of Low tempers urgency relative to the NVD CVSS Medium score. No public exploit identified at time of analysis, and EPSS stands at 0.03% (11th percentile), indicating very low near-term exploitation probability.
Technical ContextAI
The vulnerability resides in Chrome's Fonts rendering subsystem, where an integer overflow in font-data processing logic produces an out-of-bounds read condition classified under CWE-125. Integer overflows in font parsers are a well-documented browser attack surface: font structures carry large dimension, offset, or length fields that, when arithmetic is performed without adequate bounds checks, can silently wrap around and cause subsequent read operations to access memory well outside the intended buffer. The EUVD entry (EUVD-2026-34760) identifies the affected product range as Google Chrome desktop builds prior to version 149.0.7827.53. A minor classification discrepancy exists between the CVE description - which names 'integer overflow' as the root cause - and the assigned CWE-125 (Out-of-bounds Read), which identifies the downstream consequence; this pairing is consistent with an integer overflow that silently corrupts an index or length value and causes a subsequent read to escape the intended allocation.
RemediationAI
Vendor-released patch: Google Chrome 149.0.7827.53. Users should update immediately via the browser's built-in mechanism (Settings → Help → About Google Chrome triggers an update check and restart) or through enterprise deployment tooling such as Google Admin console or Microsoft Intune. The authoritative vendor release notes are at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html. Given the low EPSS score, Chromium Low severity rating, and SSVC deferred posture, this patch can be applied through a normal scheduled update cycle rather than an emergency out-of-band deployment. As a compensating control prior to patching in restricted enterprise environments, web content filtering policies that block navigation to untrusted or uncategorized domains will reduce exposure to attacker-hosted pages, though this carries usability trade-offs and does not address compromise of legitimate-but-hijacked sites.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34760
GHSA-xx2v-hw92-qxmx