Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Network attack via crafted page requires passive user visit (UI:R, PR:N); confidentiality-only impact from process memory read; scope unchanged within browser process.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
AnalysisAI
Insufficient Bluetooth policy enforcement in Google Chrome prior to 150.0.7871.47 allows remote attackers to read potentially sensitive data from browser process memory by luring a victim to a crafted HTML page. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) scores 6.5 Medium at NVD, though Chromium's own severity rating is 'Low,' suggesting Chrome's sandbox architecture limits practical memory exposure. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to visit a crafted HTML page in a vulnerable version of Google Chrome (prior to 150.0.7871.47) - this is the only confirmed prerequisite per the description and CVSS UI:R metric. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) reflects network-accessible exploitation requiring no privileges but mandating user interaction, with high confidentiality impact and no integrity or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers a malicious domain and serves a crafted HTML page that invokes Chrome's Web Bluetooth API in a manner that triggers the policy enforcement bypass. When a victim running a vulnerable Chrome version visits the page, the renderer processes the crafted content, and the Bluetooth policy flaw allows the page script to read portions of browser process memory, potentially extracting session tokens, cached credentials, or other in-memory data. … |
| Remediation | Upgrade Google Chrome to version 150.0.7871.47 or later, which contains the vendor-released fix per the Chrome Stable Channel advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40722
GHSA-72jh-248p-q66p