Severity by source
AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack is delivered via network traffic to a local-network Chromecast component, making AV:A more accurate than AV:L; no privileges required; user interaction needed; confidentiality-only impact.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Out of bounds read in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via malicious network traffic. (Chromium security severity: Low)
AnalysisAI
Out-of-bounds read in Chrome's Chromecast component allows a local attacker to leak sensitive contents from the browser's process memory by delivering malicious network traffic to the affected subsystem. Affected versions are all Chrome releases prior to 150.0.7871.47 on desktop platforms. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires: (1) the attacker be positioned on the same local network as the victim to deliver malicious Chromecast protocol traffic; (2) the victim's Chrome browser must be processing Chromecast-related network activity at the time of the attack - either actively using the Cast feature or with the Cast component initialized; and (3) some degree of user interaction (UI:R per CVSS vector) is required, though the exact interaction is not specified in available data. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 5.5 with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N presents a notable tension: the attack vector is Local (AV:L), yet the mechanism is explicitly described as 'malicious network traffic,' which is more consistent with an Adjacent (AV:A) vector. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker positioned on the same local network as the victim crafts malicious Chromecast protocol messages - such as spoofed Cast receiver responses or manipulated streaming negotiation packets - and transmits them to the target system running a vulnerable Chrome version. When the victim's Chrome browser processes these packets via its Chromecast component (for example, while browsing a Cast-enabled site or with the Cast toolbar active), the out-of-bounds read is triggered, potentially exposing fragments of Chrome's process memory to the attacker. … |
| Remediation | The primary fix is upgrading Google Chrome to version 150.0.7871.47 or later, which resolves this vulnerability per the vendor's stable channel update advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40750
GHSA-jhm7-5pwp-pw2x