Primary

Context

Google Chrome Uninitialized Use Vulnerability in Codecs Allowing Cross-Origin Data Leak

Vulnerability

Patched

A vulnerability in Google Chrome's handling of video files on Linux and ChromeOS, prior to version 149.0.7827.103, allows remote attackers to leak cross-origin data. This issue arises from an uninitialized use in the codecs component, which could be exploited by crafting a specific video file.

Impact

Exploitation of this vulnerability could lead to unauthorized access to cross-origin data, potentially allowing attackers to bypass same-origin policies and access sensitive information from other origins.

Remediation

Users can update to Google Chrome version 149.0.7827.103 or later to address this vulnerability.

Added: Jun 9, 2026, 12:50 AM

Updated: Jun 9, 2026, 12:50 AM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.0

remediation

7.7

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.0

remediation

7.7

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Google Chrome Uninitialized Use Vulnerability in Codecs Allowing Cross-Origin Data Leak

Vulnerability

Impact

Remediation

Affected Products

Google Chrome

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating