CVE-2026-7999
V8 Memory Exposure in Google Chrome
Publication date: 2026-05-06
Last updated on: 2026-05-07
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 148.0.7778.96 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Such unauthorized disclosure of sensitive information could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require protection of sensitive data against unauthorized access.
However, the CVE description does not provide specific details on the nature or extent of the sensitive information exposed, nor does it explicitly address compliance implications.
Can you explain this vulnerability to me?
This vulnerability is an inappropriate implementation in the V8 engine of Google Chrome versions prior to 148.0.7778.96. It allows a remote attacker to obtain potentially sensitive information from the process memory by using a specially crafted HTML page.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing a remote attacker to access potentially sensitive information stored in the process memory of your browser. This could lead to unauthorized disclosure of data that might be accessible through the browser's memory.