Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Bluetooth adjacency mandates physical proximity; no attacker auth needed; impact is process memory read only, no integrity or availability loss.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Use after free in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Medium)
AnalysisAI
Use-after-free in Google Chrome's Bluetooth subsystem (all versions prior to 150.0.7871.47) enables an unauthenticated attacker within Bluetooth radio range to leak sensitive data from Chrome's process memory by operating a malicious Bluetooth peripheral. The CVSS vector (AV:A/PR:N/UI:N/C:H) confirms no attacker-side authentication is required and impact is confidentiality-only, with no integrity or availability loss. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The victim must be running Google Chrome prior to version 150.0.7871.47 with Bluetooth hardware present and enabled at the OS level. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 6.5 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) is internally consistent with the description: adjacency constrains the attack to Bluetooth radio range, AC:L indicates low operational complexity once in range, and PR:N/UI:N confirm no victim cooperation or attacker authentication is needed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker positions a rogue Bluetooth device - such as a modified microcontroller or a laptop running custom Bluetooth firmware - within radio range (typically up to 10 meters for Class 2 devices) of a target running unpatched Chrome. The rogue peripheral sends specially crafted Bluetooth protocol messages during the connection or service-discovery phase, triggering the use-after-free condition in Chrome's Bluetooth subsystem. … |
| Remediation | Update Google Chrome to version 150.0.7871.47 or later immediately via Chrome's built-in update mechanism (Settings > Help > About Google Chrome) or by referencing the stable channel advisory at http://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40565
GHSA-4ccf-vvrm-fqpq