Skip to main content

Google Chrome CVE-2026-13975

| EUVDEUVD-2026-40663 MEDIUM
Out-of-bounds Read (CWE-125)
2026-06-30 chrome-cve-admin@google.com GHSA-qmm5-xxxq-q4f8
5.3
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
5.3 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
5.3 MEDIUM

AC:H reflects the mandatory renderer-compromise prerequisite; C:H applies since process memory may contain high-value secrets; no integrity or availability impact.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 02:34 vuln.today
CVSS changed
Jul 01, 2026 - 02:22 NVD
5.3 (MEDIUM)
CVE Published
Jun 30, 2026 - 23:17 cve.org
MEDIUM 5.3
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

AnalysisAI

Out-of-bounds read in ANGLE, Chrome's cross-platform graphics abstraction engine, enables sensitive process memory disclosure on macOS for attackers who have already compromised the renderer process. Affected versions are Google Chrome prior to 150.0.7871.47 on Mac; Windows and Linux are not listed as affected. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure macOS Chrome user to attacker-controlled site
Delivery
Exploit separate renderer vulnerability to gain code execution
Exploit
Renderer process compromised
Execution
Deliver crafted HTML page triggering malformed ANGLE GPU calls
Persist
Out-of-bounds read reads process memory
Impact
Exfiltrate sensitive in-memory data

Vulnerability AssessmentAI

Exploitation Exploitation of CVE-2026-13975 requires that the Chrome renderer process on macOS has already been compromised via a separate, independent vulnerability - this prerequisite is explicitly stated in the CVE description ('remote attacker who had compromised the renderer process'). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.3 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) appropriately reflects medium severity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker first exploits a separate, higher-severity Chrome vulnerability - such as a JavaScript engine type confusion or heap overflow - to gain code execution within the renderer process when the victim visits a malicious webpage on macOS. With the renderer under their control, the attacker then triggers the ANGLE out-of-bounds read via a crafted HTML page that induces malformed GPU draw calls, reading memory adjacent to ANGLE's graphics buffers to extract sensitive data such as authentication tokens, cached credentials, or cryptographic keys resident in the renderer's heap. …
Remediation Update Google Chrome on macOS to version 150.0.7871.47 or later via the stable channel release documented at http://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-13975 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy