Skip to main content

Google Chrome CVE-2026-13947

| EUVDEUVD-2026-40635 MEDIUM
Use of Uninitialized Variable (CWE-457)
2026-06-30 chrome-cve-admin@google.com GHSA-xgjj-rf26-5wm5
5.3
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
5.3 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
5.3 MEDIUM

AC:H captures mandatory renderer pre-compromise; C:H reflects process memory disclosure; I:N and A:N because only read access is demonstrated.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 02:29 vuln.today
CVSS changed
Jul 01, 2026 - 02:22 NVD
5.3 (MEDIUM)
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 30, 2026 - 23:17 cve.org
MEDIUM 5.3

DescriptionCVE.org

Uninitialized Use in XR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

AnalysisAI

Uninitialized memory read in Google Chrome's XR (Extended Reality/WebXR) subsystem exposes process memory to a remote attacker who has already achieved renderer process compromise. Affected versions are all Chrome releases prior to 150.0.7871.47. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Deliver renderer exploit via crafted page
Delivery
Compromise Chrome renderer process
Exploit
Serve XR-triggering HTML payload
Execution
Trigger uninitialized memory read in XR subsystem
Impact
Extract sensitive bytes from process memory

Vulnerability AssessmentAI

Exploitation Two conditions must both be satisfied: (1) the attacker must have already compromised the Chrome renderer process through a separate exploit - this is not a standalone initial-access vulnerability; (2) the victim must visit or be directed to a crafted HTML page that triggers the XR code path, requiring active user interaction (UI:R). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 5.3 (Medium) with vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N accurately reflects the constrained real-world risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker first compromises a victim's Chrome renderer process through a separate, unrelated renderer vulnerability - for example, a type confusion or heap overflow in V8 or Blink. With renderer access established, the attacker serves a crafted HTML page containing malicious WebXR content that triggers the uninitialized memory read in Chrome's XR subsystem, leaking adjacent process memory bytes that may contain sensitive data such as passwords, session cookies, or cryptographic material. …
Remediation Update Google Chrome to version 150.0.7871.47 or later via the browser's built-in update mechanism (Help > About Google Chrome) or via enterprise deployment tools. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-13947 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy