Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Renderer pre-compromise sets AC:H; UI:R for crafted page delivery; C:H for process memory leak; S:U and I:N/A:N because the flaw neither escapes the sandbox nor affects integrity or availability.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
Uninitialized memory read in Skia, Chrome's 2D graphics library, exposes process memory contents to an attacker who has already compromised the renderer process by delivering a crafted HTML page. Affected are all Chrome desktop installations prior to 150.0.7871.47; the confidentiality impact is scoped to renderer process memory, which may contain session tokens, DOM content, or cached credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Two concrete preconditions must both be satisfied: (1) the attacker must have independently compromised the Chrome renderer process via a separate vulnerability - CVE-2026-13971 alone cannot achieve this and provides no renderer entry point; (2) the victim must actively visit or be navigated to a crafted HTML page (CVSS UI:R - active user interaction required). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N scores 5.3 Medium and faithfully encodes the exploitation difficulty: AC:H captures the renderer pre-compromise prerequisite, UI:R captures required victim interaction with a crafted page, and S:U confirms the flaw does not cross sandbox boundaries on its own. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has separately exploited a renderer-level vulnerability in Chrome (such as a V8 type confusion or heap overflow) then serves the victim a crafted HTML page that exercises the vulnerable Skia code path, triggering reads of uninitialized memory and leaking renderer process memory contents back to the attacker. This leaked data - potentially including ASLR layout information, session cookies held in memory, or cross-origin DOM fragments - could then be used to refine or complete a full sandbox-escape exploit chain. … |
| Remediation | Update Google Chrome to version 150.0.7871.47 or later, which contains the vendor-released patch as confirmed by the stable channel advisory at chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-457 – Use of Uninitialized Variable
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40659
GHSA-frgv-r5vp-3xhc