CVE-2026-10998 | Out of bounds read in Media in Google Chrome prior to 149.0.… | CVSS 4.0 MEDIUM

Description

Out of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of bounds memory read via malicious network traffic. (Chromium security severity: Medium)

Metadata

CVE ID: CVE-2026-10998
State: PUBLISHED
Assigner: Chrome
Reserved: 2026-06-04 17:06 UTC
Published: 2026-06-04 23:04 UTC
Last updated: 2026-06-05 10:43 UTC
Primary CWE: CWE-125
Out of bounds read
Vendor / Product: Google / Chrome
Sources: cve.org · NVD

Severity & Metrics

4.0 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Google	Chrome	—	149.0.7827.53 < 149.0.7827.53

Weakness (CWE)

CWE	Source	Description
CWE-125	cna	Out of bounds read

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.0	MEDIUM	3.1	adp	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (2)