Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV:A confirmed by Bluetooth adjacency; PR:N because no auth needed; C:H for process memory leakage; I and A remain N as no write or crash impact described.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Type Confusion in Bluetooth in Google Chrome on Windows prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low)
AnalysisAI
Type confusion in Chrome's Bluetooth stack on Windows (versions prior to 150.0.7871.47) enables an adjacent-network attacker to exfiltrate sensitive data from Chrome process memory by presenting a malicious Bluetooth peripheral. The CVSS 6.5 score reflects high confidentiality impact but no integrity or availability exposure; notably, Chromium's internal security team rated this Low severity, suggesting the memory regions accessible are constrained. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must be physically within Bluetooth radio range of the target (typically 10-100 meters, depending on Bluetooth class). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 6.5 base score is driven primarily by the C:H (high confidentiality impact) metric, but several signals moderate real-world priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker within Bluetooth range of a Windows machine running a vulnerable Chrome version broadcasts or pairs a crafted Bluetooth device that triggers the type confusion flaw in Chrome's Bluetooth handling code. The confused type read causes Chrome to return memory contents from the browser process to the malicious peripheral, potentially exposing data from open tabs, cached credentials, or in-memory session tokens. … |
| Remediation | Upgrade Google Chrome on Windows to version 150.0.7871.47 or later - this is the vendor-released patch confirmed via the Chrome stable channel blog at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Memory Corruption
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40806
GHSA-m8qw-rfh7-66f9