CVE-2026-10973
published 2026-06-04
CVE-2026-10973: Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium…
Priority P351 · high · 7.4 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
EXPLOIT
EPSS: 0.98% (57.9th percentile)
Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | < 149.0.7827.53 | 149.0.7827.53 |
| | chrome | >= 149.0.7827.53 < 149.0.7827.53 | 149.0.7827.53 |
| | chrome_desktop | — | — |
CVSS provenance
nvd · v3.1 · 7.4 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
vendor_redhat · 7.4 · HIGH
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-10973
vendor_chrome·2026-06-17
Red Hat
chromium-browser: Uninitialized Use in Dawn
vendor_redhat·2026-06-02·CVSS 7.4
CVE-2026-10973 [HIGH] CWE-824 chromium-browser: Uninitialized Use in Dawn
Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
An uninitialized use flaw was found in the Dawn component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=513042859
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Chrome
Stable Channel Update for Desktop: CVE-2026-10971
vendor_chrome·2026-06-02
CVE-2026-10971 [HIGH] Stable Channel Update for Desktop: CVE-2026-10971
CVE-2026-10971: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-05-14
[N/A][513006660] High CVE-2026-10972: Use after free in Ozone. Reported by Google on 2026-05-14
[N/A][513042859] High CVE-2026-10973: Uninitialized Use in Dawn
Severity: high
GHSA
Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ghsa_unreviewed·2026-06-05
CVE-2026-10973 [HIGH] CWE-457 Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
Nuclei
Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2016-10973 [MEDIUM] Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting
The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.
Template:
id: CVE-2016-10973

info:
  name: Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting
  author: Harsh
  severity: medium
  description: |
    The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: |
    Upgrade to the latest version of the Brafton WordPress Plug
Published: 2026-06-04