CVE-2026-10998

4.0 MEDIUM

Out of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of...

Published: 2026-06-04 · Last updated: 2026-06-06

Severity and scoring

CVSS: 4.0 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-125

Affected products

Vendor	Product
google	chrome

Description

Out of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of bounds memory read via malicious network traffic. (Chromium security severity: Medium)

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10998
[Vendor advisory]https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
[Other]https://issues.chromium.org/issues/486536242

Related CVEs

Same vendor

CVE-2026-11701 — Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via ... (5.4 MEDIUM)
CVE-2026-11700 — Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to ... (8.3 HIGH)
CVE-2026-11699 — Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corrupt... (8.8 HIGH)
CVE-2026-11698 — Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corrupt... (8.8 HIGH)
CVE-2026-11697 — Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perfor... (9.6 CRITICAL)

Same CWE

CVE-2026-12033 — Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process... (5.3 MEDIUM)
CVE-2026-12026 — Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the render...
CVE-2026-52859 — Vim is an open source, command line text editor
CVE-2026-47166 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)
CVE-2026-45624 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.1 MEDIUM)