Description
Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Chrome’s WebMIDI implementation on Android contains a use‑after‑free bug that can be triggered from a crafted HTML page. The flaw, classified as CWE-416 (Use After Free) and CWE-825 (Memory Leak), allows an attacker who first gains control of the renderer process to escape the renderer sandbox, potentially executing arbitrary code on the device. The high severity score of 8.3 reflects the significant impact on confidentiality, integrity, and availability of the device.

Affected Systems

The vulnerability affects Google Chrome for Android versions prior to 148.0.7778.216. Devices running these builds that display web content are at risk when encountering maliciously crafted pages. Any user employing such versions of the browser on Android could be exposed.

Risk and Exploitability

The flaw requires a remote attacker to deliver a malicious HTML page that the Chrome renderer can load, first compromising the renderer process, then triggering the use‑after‑free to escape the sandbox. The CVSS score of 8.3 indicates a high risk of unauthorized code execution on the device. The EPSS score is < 1% (0.00032), and the vulnerability is not listed in CISA’s KEV catalog, but the combination of high severity and the requirement of a renderer compromise suggests the attack vector is plausible under the right conditions. Mitigating factors include the need for an initial renderer compromise, which can be addressed by enforcing stricter web content controls or disabling WebMIDI entirely.

Generated by OpenCVE AI on May 29, 2026 at 16:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 148.0.7778.216 or later via the Google Play Store
  • If an update is not immediately available, disable WebMIDI by setting the chrome flag "Enable WebMIDI" to "Disabled" or using enterprise policy to block the feature
  • Apply Android OS security updates and use strict web content restrictions (e.g., MFA, content filtering, or sandboxed browser profiles) to reduce the likelihood of rendering malicious pages

Generated by OpenCVE AI on May 29, 2026 at 16:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Use-After-Free in Chrome WebMIDI Enables Sandbox Escape chromium-browser: Use after free in WebMIDI
Weaknesses CWE-825
References
Metrics threat_severity

None

 cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Important

Fri, 29 May 2026 00:45:00 +0000

Type Values Removed Values Added
Title Use-After-Free in Chrome WebMIDI Enables Sandbox Escape

Thu, 28 May 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-30T03:56:11.743Z

Reserved: 2026-05-28T17:25:14.465Z

Link: CVE-2026-10014

cve-icon Vulnrichment

Updated: 2026-05-29T12:57:45.943Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-28T23:16:43.233

Modified: 2026-05-29T15:16:21.693

Link: CVE-2026-10014

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-10014 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T17:00:04Z

Weaknesses