Skip to main content

Google Chrome CVE-2026-13874

| EUVDEUVD-2026-40560 MEDIUM
Race Condition (CWE-362)
2026-06-30 chrome-cve-admin@google.com GHSA-4hqp-vpr6-3wc9
5.3
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
5.3 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
5.3 MEDIUM

Race condition demands precise timing control (AC:H); user must actively trigger DataTransfer (UI:R); impact is read-only memory disclosure within renderer scope (C:H, I:N, A:N, S:U).

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 02:24 vuln.today
CVSS changed
Jul 01, 2026 - 02:22 NVD
5.3 (MEDIUM)
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 30, 2026 - 23:17 cve.org
MEDIUM 5.3

DescriptionCVE.org

Race in DataTransfer in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

AnalysisAI

Race condition in the DataTransfer API in Google Chrome prior to 150.0.7871.47 allows a remote attacker to read potentially sensitive data from renderer process memory by luring a user to a specially crafted HTML page. The CVSS vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms the impact is limited to confidentiality - no integrity or availability loss - and that reliable exploitation requires winning a timing race (AC:H) combined with user interaction. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker crafts malicious HTML page with DataTransfer event handlers
Delivery
Victim is lured to page via phishing or malicious link
Exploit
Victim performs drag-and-drop or clipboard interaction
Execution
Race condition opens memory access window in renderer
Persist
Attacker script reads sensitive process memory
Impact
Data exfiltrated to attacker-controlled endpoint

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to visit an attacker-controlled web page and perform an active DataTransfer interaction - such as initiating a drag-and-drop gesture or a clipboard paste event - that triggers the vulnerable code path (UI:R). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS Medium score of 5.3 reflects a meaningful but qualified threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker publishes a web page containing crafted JavaScript that registers DataTransfer event handlers (e.g., dragstart, paste) designed to race against Chrome's internal memory management during a data transfer operation. When the victim visits the page and interacts with a drag-and-drop or clipboard element, the attacker's script wins the race window and reads adjacent memory contents - potentially including sensitive in-page data - which is then exfiltrated to an attacker-controlled server. …
Remediation Update Google Chrome to version 150.0.7871.47 or later, as documented in the stable channel release at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-13874 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy