Back to overview

CVE-2026-13940

MEDIUM
6.5
CVSS 3.1
Description
Uninitialized Use in Cast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via malicious network traffic. (Chromium security severity: Medium)

Metadata

CVE ID
CVE-2026-13940
State
PUBLISHED
Assigner
Chrome
Reserved
2026-06-29 23:03 UTC
Published
2026-06-30 22:38 UTC
Last updated
2026-07-01 01:26 UTC
Primary CWE
CWE-457
Uninitialized Use
Vendor / Product
Google / Chrome
Sources
cve.org  ·  NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Google Chrome 150.0.7871.47 < 150.0.7871.47
Weakness (CWE)
CWESourceDescription
CWE-457 cna Uninitialized Use
CVSS scores (1)
ScoreSeverityVersionSourceVector
6.5 MEDIUM 3.1 adp CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Back to overview