CVE-2026-13940
Last modified
CVE-2026-13940 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Uninitialized Use in Cast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via malicious network traffic. (Chromium security severity: Medium). EPSS estimates a 0.13% chance of exploitation in the next 30 days.
Description
Uninitialized Use in Cast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via malicious network traffic. (Chromium security severity: Medium)
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Chrome | < 150.0.7871.47 |
References
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.htmlRelease Notes, Vendor Advisory
- https://issues.chromium.org/issues/513158425Permissions Required
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-13940?
How severe is CVE-2026-13940?
How do I fix CVE-2026-13940?
Related CVEs from 2026
- CVE-2026-13935Side-channel information leakage in ComputePressure in Googl…6.5
- CVE-2026-13936Inappropriate implementation in Passwords in Google Chrome o…6.5
- CVE-2026-13937Insufficient policy enforcement in Passwords in Google Chrom…6.5
- CVE-2026-13938Integer overflow in Fonts in Google Chrome prior to 150.0.78…8.8
- CVE-2026-13939Insufficient validation of untrusted input in WebShare in Go…3.1
- CVE-2026-1394The WP Quick Contact Us plugin for WordPress is vulnerable t…4.3
- CVE-2026-13941Inappropriate implementation in SiteSettings in Google Chrom…4.3
- CVE-2026-13942Inappropriate implementation in Video Capture in Google Chro…3.3
- CVE-2026-13943Uninitialized Use in CSS in Google Chrome on Android prior t…6.5
- CVE-2026-13944Inappropriate implementation in DataTransfer in Google Chrom…3.1
- CVE-2026-13945Insufficient policy enforcement in Extensions in Google Chro…3.1
- CVE-2026-13946Inappropriate implementation in ScriptInjections in Google C…4.3
Are you affected by CVE-2026-13940?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
