Skip to main content

Google Chrome CVE-2026-13890

| EUVDEUVD-2026-40576 MEDIUM
Out-of-bounds Read (CWE-125)
2026-06-30 chrome-cve-admin@google.com GHSA-p56f-xpc2-m48c
5.3
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
5.3 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
5.3 MEDIUM

AC:H reflects mandatory prior renderer compromise; UI:R for crafted page; C:H for memory disclosure; I:N/A:N as only confidentiality is impacted with no scope change.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 02:25 vuln.today
CVSS changed
Jul 01, 2026 - 02:22 NVD
5.3 (MEDIUM)
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 30, 2026 - 23:17 cve.org
MEDIUM 5.3

DescriptionCVE.org

Out of bounds read in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

AnalysisAI

Out-of-bounds read in the Chromecast component of Google Chrome prior to 150.0.7871.47 enables a remote attacker, who has already achieved renderer process compromise, to exfiltrate potentially sensitive data from process memory via a crafted HTML page. This is a second-stage, chained vulnerability - it cannot be exploited in isolation and requires a prior renderer compromise as a prerequisite. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Exploit separate renderer RCE vulnerability
Delivery
Gain control of Chrome renderer process
Exploit
Deliver crafted HTML page to victim
Execution
Trigger out-of-bounds read in Chromecast component
Persist
Leak sensitive renderer process memory
Impact
Exfiltrate captured data

Vulnerability AssessmentAI

Exploitation Exploitation requires two explicit prerequisites: (1) the attacker must have already achieved compromise of the Chrome renderer process via a separate, unrelated vulnerability - this is confirmed by the description and reflected in CVSS AC:H; and (2) the victim must load a crafted HTML page (CVSS UI:R). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 5.3 (Medium) is consistent with the realistic attack complexity here. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has independently compromised the Chrome renderer process - for example, via a separate renderer RCE vulnerability - then serves a crafted HTML page that triggers the Chromecast component's out-of-bounds read, causing it to read beyond an allocated buffer and return memory contents to the attacker. The leaked data could include sensitive in-memory artifacts such as authentication tokens, encryption keys, or user credentials present in renderer memory at the time of exploitation. …
Remediation The primary fix is to update Google Chrome to version 150.0.7871.47 or later, as documented in the vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-13890 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy