CVE-2026-13914: Inappropriate implementation in Google Chrome
CVE-2026-13914 is a medium severity vulnerability in Google Chrome on Mac systems prior to version 150.0.7871.47. It involves an inappropriate implementation in the password management component that allows a local attacker to access potentially sensitive information from process memory by leveraging a malicious file. The vulnerability does not affect integrity or availability but impacts confidentiality. No known exploits are reported in the wild. The vendor advisory linked indicates a stable channel update addressing this issue.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-13914) affects Google Chrome on Mac platforms before version 150.0.7871.47. It arises from an inappropriate implementation in the password handling functionality, which permits a local attacker to extract sensitive information from process memory through a crafted malicious file. The CVSS 3.1 base score is 5.5 (medium), reflecting local attack vector with low complexity, no privileges required, user interaction needed, and high confidentiality impact. The issue is tracked under CWE-284 (Improper Access Control). The vendor has published an advisory indicating a stable channel update that presumably includes a fix, although explicit patch status is not stated in the input data.
Potential Impact
An attacker with local access and the ability to trick a user into opening a malicious file can obtain sensitive password-related information from Chrome's process memory. This compromises confidentiality but does not affect integrity or availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
A fix is available in Google Chrome version 150.0.7871.47. Users should update to this version or later to remediate the vulnerability. Refer to the official Google Chrome stable channel update advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html for detailed update instructions. No additional mitigation steps are indicated by the vendor advisory.
CVSS v3.1
Score: 5.5 (medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: Chrome
- Date Reserved: 2026-06-29T23:03:50.884Z
- Cvss Version: null
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory Urls: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html (vendor: Google)
Threat ID: 6a444c1f27e9c7971985ccaf
Added to database: 06/30/2026, 23:07:11 UTC
Last enriched: 07/01/2026, 03:08:32 UTC
Last updated: 07/01/2026, 03:25:43 UTC