Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
AC:H captures the mandatory renderer-compromise prerequisite; C:H reflects direct process memory read; no integrity or availability impact exists.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Insufficient policy enforcement in Spellcheck in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
Insufficient policy enforcement in the Spellcheck component of Google Chrome prior to 150.0.7871.47 exposes process memory to attackers who have already achieved renderer process compromise. The vulnerability enables a second-stage information disclosure step in a chained attack: after compromising the renderer, the attacker serves a crafted HTML page that exploits the Spellcheck policy gap to read potentially sensitive data from memory. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the attacker has already compromised the Chrome renderer process via a separate vulnerability - this is an explicit prerequisite stated in the CVE description ('a remote attacker who had compromised the renderer process'). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N yields a base score of 5.3 (Medium). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has separately exploited a renderer-process vulnerability in Chrome - for example, a JavaScript engine type-confusion bug - then serves a crafted HTML page designed to trigger the Spellcheck policy enforcement flaw, causing the compromised renderer to read and exfiltrate memory regions containing potentially sensitive data such as credentials, tokens, or page content from other contexts. No public proof-of-concept code for this specific vulnerability has been identified, and it would realistically appear as a chained second stage in a full browser exploit rather than as a standalone attack. |
| Remediation | Update Google Chrome to version 150.0.7871.47 or later, which includes the Spellcheck policy enforcement fix per the vendor stable channel advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40597
GHSA-2w8q-jwxq-9mrg