Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
AC:H reflects the mandatory renderer-compromise prerequisite; C:H applies since process memory may contain high-value secrets; no integrity or availability impact.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
Out-of-bounds read in ANGLE, Chrome's cross-platform graphics abstraction engine, enables sensitive process memory disclosure on macOS for attackers who have already compromised the renderer process. Affected versions are Google Chrome prior to 150.0.7871.47 on Mac; Windows and Linux are not listed as affected. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation of CVE-2026-13975 requires that the Chrome renderer process on macOS has already been compromised via a separate, independent vulnerability - this prerequisite is explicitly stated in the CVE description ('remote attacker who had compromised the renderer process'). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 5.3 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) appropriately reflects medium severity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker first exploits a separate, higher-severity Chrome vulnerability - such as a JavaScript engine type confusion or heap overflow - to gain code execution within the renderer process when the victim visits a malicious webpage on macOS. With the renderer under their control, the attacker then triggers the ANGLE out-of-bounds read via a crafted HTML page that induces malformed GPU draw calls, reading memory adjacent to ANGLE's graphics buffers to extract sensitive data such as authentication tokens, cached credentials, or cryptographic keys resident in the renderer's heap. … |
| Remediation | Update Google Chrome on macOS to version 150.0.7871.47 or later via the stable channel release documented at http://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40663
GHSA-qmm5-xxxq-q4f8