Description
Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free vulnerability in the Skia graphics library used by Google Chrome allows a remote attacker who has already compromised the renderer process to trigger a sandbox escape. The flaw uses the freed memory of a Skia object and can be triggered by a specially crafted HTML page sent to the renderer, potentially enabling the attacker to execute code with higher privileges than the renderer process. Because the renderer is sandboxed, escaping the sandbox would undermine Chrome’s core security boundary and could lead to full system compromise on the affected platform.

Affected Systems

All installations of Google Chrome older than version 148.0.7778.216 are vulnerable. No specific operating system distribution is singled out in the advisory, so the risk applies universally to Chrome users on Windows, macOS, Linux, and any other platform that runs the affected browser build.

Risk and Exploitability

The CVSS score is 8.3, indicating high severity. No publicly available exploit is known, and the EPSS score is < 1%, indicating a very low likelihood of immediate exploitation. However, if an attacker is able to compromise the renderer—either by exploiting another vulnerability or through user‑interaction—then this defect offers a path to escape the process sandbox and could lead to arbitrary code execution on the host. The vulnerability is not listed in the CISA KEV catalog, suggesting that it has not yet been widely exploited in the wild.

Generated by OpenCVE AI on May 29, 2026 at 16:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Chrome version 148.0.7778.216 or later, which includes the Skia fix and patches the use‑after‑free bug
  • Confirm that the Chrome sandbox is enabled; this is the default but verify that no service‑specific sandbox policies have been disabled
  • If an immediate update is not possible, run Chrome inside a container or with strong host‑level sandboxing to limit the impact of a potential escape

Generated by OpenCVE AI on May 29, 2026 at 16:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Fri, 29 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Skia Allows Sandbox Escape in Google Chrome chromium-browser: Use after free in Skia
Weaknesses CWE-364
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Important

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Skia Allows Sandbox Escape in Google Chrome
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T14:31:30.422Z

Reserved: 2026-05-28T17:25:14.010Z

Link: CVE-2026-10012

cve-icon Vulnrichment

Updated: 2026-05-29T14:31:19.726Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T23:16:43.030

Modified: 2026-05-29T17:17:22.623

Link: CVE-2026-10012

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-10012 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T17:00:04Z

Weaknesses