Skip to main content

Google Chrome Android EUVDEUVD-2026-39044

| CVE-2026-13030 MEDIUM
Use of Uninitialized Variable (CWE-457)
2026-06-24 Chrome GHSA-53ww-g6wp-vwp6
5.3
CVSS 3.1 · Vendor: Chrome
Share

Severity by source

Vendor (Chrome) PRIMARY
5.3 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
5.3 MEDIUM

Crafted HTML page delivered over network (AV:N), reliable GPU memory leak requires conditions outside attacker control (AC:H), no authentication needed (PR:N), user must visit page (UI:R), confidentiality-only impact with no integrity or availability effect.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Chrome).

CVSS VectorVendor: Chrome

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jun 24, 2026 - 21:41 vuln.today
CVSS changed
Jun 24, 2026 - 20:22 NVD
5.3 (MEDIUM)
CVE Published
Jun 24, 2026 - 18:43 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 24, 2026 - 18:43 cve.org
MEDIUM 5.3

DescriptionCVE.org

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Uninitialized GPU memory use in Google Chrome on Android before 149.0.7827.197 exposes process memory contents to remote attackers without requiring authentication. An attacker who induces a user to load a crafted HTML page can read potentially sensitive data from Chrome's GPU process memory, consistent with the High confidentiality impact assigned in the CVSS vector. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker hosts crafted HTML page
Delivery
Target user follows phishing or malicious link
Exploit
Chrome GPU processes malicious HTML
Execution
Uninitialized GPU memory buffer read
Impact
Sensitive process memory contents leaked to attacker

Vulnerability AssessmentAI

Exploitation Exploitation requires the target to be running Google Chrome on Android with a version prior to 149.0.7827.197, and the user must actively navigate to a crafted HTML page under attacker control (UI:R). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 5.3 (Medium) reflects AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N - remote delivery via a crafted HTML page, high attack complexity, no privileges required, but mandatory user interaction and no integrity or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers or compromises a website and embeds a crafted HTML page designed to trigger the uninitialized GPU memory path in Chrome's Android rendering pipeline. A target user is directed to the page via a phishing message or malicious advertisement; upon rendering, the page causes Chrome to read and expose uninitialized GPU memory, potentially leaking sensitive fragments of previously processed data back to the attacker. …
Remediation The vendor-released patch is Google Chrome 149.0.7827.197 for Android; users should update immediately via Google Play or Chrome's built-in update mechanism, as documented in the stable channel advisory at http://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39044 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy