Skip to main content

Google Chrome CVE-2026-14062

| EUVDEUVD-2026-40749 MEDIUM
Information Exposure (CWE-200)
2026-06-30 chrome-cve-admin@google.com GHSA-4h89-vwxj-5q9p
5.9
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
5.3 MEDIUM

UI:R corrects the provided vector - the description explicitly requires user installation of a malicious extension, mandating active user interaction; all other metrics retained.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 02:40 vuln.today
CVSS changed
Jul 01, 2026 - 02:22 NVD
5.9 (MEDIUM)
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 30, 2026 - 23:17 cve.org
MEDIUM 5.9

DescriptionCVE.org

Inappropriate implementation in Views in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Low)

AnalysisAI

Process memory disclosure in Google Chrome's Views UI framework on ChromeOS allows a crafted extension, once installed by a user, to read potentially sensitive data from Chrome's process memory. All ChromeOS Chrome versions prior to 150.0.7871.47 are affected; desktop Chrome on Windows, macOS, and Linux is not confirmed in scope. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious Chrome Extension targeting Views flaw
Delivery
Distribute via phishing or Web Store submission
Exploit
Convince ChromeOS user to install extension
Execution
Extension triggers inappropriate Views memory access
Impact
Read sensitive data from Chrome process memory

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target is running Google Chrome on ChromeOS (not Windows, macOS, or Linux) at a version prior to 150.0.7871.47, and that the user is socially engineered into installing a specifically crafted malicious Chrome Extension. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Multiple signals collectively indicate moderate-to-low real-world priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a Chrome Extension specifically designed to trigger the Views memory disclosure flaw and distributes it through a social engineering campaign - for example, a phishing email advertising a fake productivity tool or a malicious listing submitted to the Chrome Web Store. Once a ChromeOS user running Chrome prior to 150.0.7871.47 installs the extension, it invokes the crafted API interactions that cause the Views component to expose process memory, potentially leaking session cookies, passwords, or sensitive form data resident in memory at the time of exploitation. …
Remediation Update Google Chrome on ChromeOS to version 150.0.7871.47 or later, as documented in the Google Stable Channel advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-14062 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy