Skip to main content

Google Chrome CVE-2026-13971

| EUVDEUVD-2026-40659 MEDIUM
Use of Uninitialized Variable (CWE-457)
2026-06-30 chrome-cve-admin@google.com GHSA-frgv-r5vp-3xhc
5.3
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
5.3 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
5.3 MEDIUM

Renderer pre-compromise sets AC:H; UI:R for crafted page delivery; C:H for process memory leak; S:U and I:N/A:N because the flaw neither escapes the sandbox nor affects integrity or availability.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 02:33 vuln.today
CVSS changed
Jul 01, 2026 - 02:22 NVD
5.3 (MEDIUM)
CVE Published
Jun 30, 2026 - 23:17 cve.org
MEDIUM 5.3
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

AnalysisAI

Uninitialized memory read in Skia, Chrome's 2D graphics library, exposes process memory contents to an attacker who has already compromised the renderer process by delivering a crafted HTML page. Affected are all Chrome desktop installations prior to 150.0.7871.47; the confidentiality impact is scoped to renderer process memory, which may contain session tokens, DOM content, or cached credentials. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Exploit separate renderer vulnerability
Delivery
Gain code execution in Chrome renderer
Exploit
Deliver crafted HTML page to victim
Execution
Trigger Skia uninitialized memory read
Persist
Leak renderer process memory contents
Impact
Use leaked data to refine exploit chain

Vulnerability AssessmentAI

Exploitation Two concrete preconditions must both be satisfied: (1) the attacker must have independently compromised the Chrome renderer process via a separate vulnerability - CVE-2026-13971 alone cannot achieve this and provides no renderer entry point; (2) the victim must actively visit or be navigated to a crafted HTML page (CVSS UI:R - active user interaction required). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N scores 5.3 Medium and faithfully encodes the exploitation difficulty: AC:H captures the renderer pre-compromise prerequisite, UI:R captures required victim interaction with a crafted page, and S:U confirms the flaw does not cross sandbox boundaries on its own. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has separately exploited a renderer-level vulnerability in Chrome (such as a V8 type confusion or heap overflow) then serves the victim a crafted HTML page that exercises the vulnerable Skia code path, triggering reads of uninitialized memory and leaking renderer process memory contents back to the attacker. This leaked data - potentially including ASLR layout information, session cookies held in memory, or cross-origin DOM fragments - could then be used to refine or complete a full sandbox-escape exploit chain. …
Remediation Update Google Chrome to version 150.0.7871.47 or later, which contains the vendor-released patch as confirmed by the stable channel advisory at chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-13971 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy