Skip to main content

Google Chrome Android CVE-2026-14088

| EUVDEUVD-2026-40775 MEDIUM
Use of Uninitialized Variable (CWE-457)
2026-06-30 chrome-cve-admin@google.com GHSA-437f-8gm2-935w
6.5
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-delivered via crafted web page with no privileges needed; user must visit the page (UI:R); only confidentiality is impacted as memory is read but not written.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 02:41 vuln.today
CVSS changed
Jul 01, 2026 - 02:22 NVD
6.5 (MEDIUM)
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 30, 2026 - 23:17 cve.org
MEDIUM 6.5

DescriptionCVE.org

Uninitialized Use in Canvas in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

AnalysisAI

Uninitialized memory read in the Canvas API of Google Chrome on Android (prior to 150.0.7871.47) exposes potentially sensitive process memory contents to remote attackers. Exploitation requires luring a target to a crafted HTML page, after which the uninitialized Canvas buffer may leak memory from the renderer process. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker hosts crafted HTML page
Delivery
Victim on Android Chrome visits page
Exploit
Canvas API allocates uninitialized buffer
Execution
JavaScript reads uninitialized memory
Impact
Process memory fragments leaked to attacker script

Vulnerability AssessmentAI

Exploitation The victim must be running Google Chrome on an Android device with a version prior to 150.0.7871.47. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 6.5 (Medium) reflects network reachability with no authentication, low complexity, and high confidentiality impact - but Chromium's own security team has independently classified this as Low severity, indicating the practical scope of leaked memory is likely limited, non-deterministic, or difficult to weaponize for high-value data extraction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a crafted HTML page that triggers the uninitialized Canvas buffer read, causing Chrome's renderer process to return uninitalized heap memory to JavaScript. If a victim on Android Chrome (pre-150.0.7871.47) browses to this page - via phishing link, malicious ad, or compromised site - the attacker's script may read memory contents that could include fragments of prior allocations such as tokens, cookies, or other in-process data. …
Remediation Update Google Chrome on Android to version 150.0.7871.47 or later, available via the Google Play Store or Chrome's built-in update mechanism. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-14088 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy