Description
Use after free in PerformanceManager in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use after free flaw in PerformanceManager occurs when the renderer process frees an object that is still referenced, allowing a malicious actor with control over the renderer to read or write arbitrary memory. This can lead to a sandbox escape, giving the attacker the ability to execute code outside the renderer’s restricted environment and potentially compromise the entire system. The weakness is classified as CWE‑416 and CWE‑825, a memory‑management issue that permits misuse of freed memory.

Affected Systems

Google Chrome versions before 148.0.7778.216 are affected. Users running the stable desktop channel of Chrome that has not yet updated past this build are at risk. Later releases in Chrome’s stable, beta, and dev channels include the fix and are not vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 8.3, a high severity rating, and is not listed in the CISA KEV catalog, indicating that active exploits are not widely reported. Its exploitability relies on an attacker being able to deliver a crafted HTML page to a renderer process that has already been compromised, which is a realistic scenario in the context of web browsing or malicious extensions. The EPSS score of < 1% indicates a very low exploitation probability, but the potential for sandbox escape gives the vulnerability a high overall risk. Prompt remediation is advised.

Generated by OpenCVE AI on May 29, 2026 at 16:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 148.0.7778.216 or newer, which contains the fix for the use after free in PerformanceManager.
  • Configure the browser to enforce automatic updates so that future security patches are applied without manual intervention.
  • Disable or remove untrusted extensions and restrict web content to trusted sites to limit the opportunity for malicious HTML to reach the renderer process.

Generated by OpenCVE AI on May 29, 2026 at 16:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Fri, 29 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Use After Free in PerformanceManager Enabling Potential Sandbox Escape chromium-browser: Use after free in PerformanceManager
Weaknesses CWE-825
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}

threat_severity

Important

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 23:45:00 +0000

Type Values Removed Values Added
Title Use After Free in PerformanceManager Enabling Potential Sandbox Escape

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Use after free in PerformanceManager in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T14:32:37.761Z

Reserved: 2026-05-28T17:25:11.560Z

Link: CVE-2026-10001

cve-icon Vulnrichment

Updated: 2026-05-29T14:32:18.372Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T23:16:41.863

Modified: 2026-05-29T17:40:36.683

Link: CVE-2026-10001

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-10001 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T16:30:02Z

Weaknesses