Description
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Published: 2026-06-04
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free bug in the network component of Google Chrome allows a remote attacker to execute arbitrary code by delivering a specially crafted HTML page. This issue is rated critical in Chromium’s internal severity scale, indicating that successful exploitation can lead to full system compromise, including data theft or further lateral movement.

Affected Systems

The vulnerability affects all installations of Google Chrome up to, but not including, version 149.0.7827.53. Any machine running one of these versions on supported operating systems and browsing the web is potentially exposed.

Risk and Exploitability

Because the flaw is triggered by malicious web content, the attack vector is likely a URL or embedded resource delivered through a browser session. The CVSS score of 8.8 indicates high severity. No EPSS score is available, so the likelihood assessment relies on the absence of public exploit evidence. The vulnerability is not listed in the CISA KEV catalog; however, the Chromium-assigned severity and the nature of the flaw suggest that entities with high exposure should treat this risk as imminent.

Generated by OpenCVE AI on June 5, 2026 at 05:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.53 or later
  • If an update cannot be applied immediately, temporarily prevent Chrome from accessing remote content by disabling the browser or applying web‑content filtering
  • Ensure that any custom network traffic being processed by Chrome is channeled through a hardened sandbox or firewall rules to mitigate additional exploitation risk

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 05:45:00 +0000

Type | Values Removed | Values Added
Title | | Remote Code Execution via Use-After-Use-Freedom in Chrome Network

Fri, 05 Jun 2026 03:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google, Google chrome
Vendors & Products | | Google, Google chrome

Fri, 05 Jun 2026 02:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Weaknesses | | CWE-416
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T00:34:41.527Z

Reserved: 2026-06-04T17:05:54.920Z

Link: CVE-2026-10882

Vulnrichment

Updated: 2026-06-05T00:26:59.957Z

NVD

Status: Received

Published: 2026-06-04T23:16:49.520

Modified: 2026-06-05T02:16:50.497

Link: CVE-2026-10882

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T05:30:32Z

Weaknesses