Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Uninitialized Use in WebML in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
Uninitialized memory read in Chrome's WebML component on macOS exposes potentially sensitive process memory contents to remote attackers. Affected are all Chrome versions prior to 149.0.7827.53 on Mac; exploitation requires convincing a user to visit a specially crafted HTML page. No public exploit code or active exploitation (CISA KEV) has been identified, and the EPSS score of 0.03% (10th percentile) reflects low real-world exploitation likelihood at time of analysis.
Technical ContextAI
CWE-457 (Use of Uninitialized Variable) describes a class of memory-safety bug where a variable is read before being assigned a defined value, allowing residual heap or stack contents to be exposed. The affected component is WebML, Chrome's on-device machine learning inference subsystem used to accelerate browser-embedded AI tasks. Because WebML processes attacker-influenced web content (HTML/JS), a crafted page can trigger a code path that reads an uninitialized buffer and potentially surfaces sensitive data - such as prior memory allocations from the same process - back to the attacker via a side channel or direct return value. The vulnerability is scoped to the macOS platform, suggesting a platform-specific allocation or alignment behavior that diverges from Windows/Linux builds. Affected versions are all Chrome releases below 149.0.7827.53 on Mac, per ENISA EUVD-2026-34482.
RemediationAI
Update Google Chrome on macOS to version 149.0.7827.53 or later; this is the vendor-released patch confirmed in the stable channel advisory at chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html. Chrome's auto-update mechanism should deliver this update automatically, but administrators managing enterprise fleets should verify deployment via policy or MDM. As a compensating control pending update, disabling or restricting access to pages that invoke WebML inference (e.g., AI-driven browser features) may reduce exposure, though this is operationally disruptive and not a substitute for patching. Site Isolation (already on by default in Chrome) limits cross-origin memory leakage scope but does not eliminate the intra-process memory disclosure risk.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, a
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, do
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13
Same weakness CWE-457 – Use of Uninitialized Variable
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34482
GHSA-r34r-5rvh-pc3m