CVE-2026-14049: Inappropriate implementation in Google Chrome
A vulnerability in the GPU implementation of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially access sensitive information from process memory via a crafted HTML page. The issue is classified as a medium severity information disclosure vulnerability.
AI Analysis
Technical Summary
CVE-2026-14049 is an information disclosure vulnerability in the GPU component of Google Chrome versions before 150.0.7871.47. It enables a remote attacker, with control over the renderer process, to extract potentially sensitive data from process memory by leveraging a specially crafted HTML page. The vulnerability is related to an inappropriate implementation that leads to unintended data exposure. The CVSS v3.1 base score is 5.3, reflecting a medium severity with network attack vector, high attack complexity, no privileges required, user interaction required, unchanged scope, and high confidentiality impact but no integrity or availability impact. There are no known exploits in the wild at this time. The vendor has published an advisory linked to a stable channel update addressing this issue.
Potential Impact
An attacker who has already compromised the renderer process in Chrome can exploit this vulnerability to obtain sensitive information from process memory. This could lead to leakage of confidential data. However, exploitation requires prior compromise of the renderer process and user interaction, limiting the ease of exploitation. There is no impact on integrity or availability.
Mitigation Recommendations
A fix is available in Google Chrome version 150.0.7871.47. Users and administrators should update to this version or later to remediate the vulnerability. The vendor advisory linked confirms the availability of this update. No additional mitigations are specified.
CVSS v3.1
Score 5.3 (medium)
Affected software
pkg:github/chromium/chromium
Technical Details
- Data Version: 5.2
- Assigner Short Name: Chrome
- Date Reserved: 2026-06-29T23:11:31.821Z
- Cvss Version: null
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory Urls: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html (Google)
Threat ID: 6a444c2d27e9c7971985d2c9
Added to database: 06/30/2026, 23:07:25 UTC
Last enriched: 07/01/2026, 01:23:01 UTC
Last updated: 07/01/2026, 02:51:12 UTC