Description
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free flaw in Chrome’s Network component that can be triggered from a crafted HTML page. It allows a remote attacker who has already compromised the renderer process to cause a sandbox escape, potentially executing arbitrary code with the privileges of the browser or the host. This is a high‑severity memory‑safety weakness (CWE‑416).

Affected Systems

Google Chrome versions before 149.0.7827.53 on desktop platforms are affected; the bug exists in the Network component of the renderer process.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in KEV, yet its high severity and the ability to escape the sandbox mean a successful exploit could lead to full system compromise. The CVSS score is 8.3. An attacker must first breach the renderer process, a non‑trivial requirement, but the impact once achieved is severe.

Generated by OpenCVE AI on June 5, 2026 at 05:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 149.0.7827.53 or later.
  • Run Chrome with the least privileges necessary, for example by using a dedicated low‑privilege user account or applying OS‑level sandboxing.
  • Monitor renderer processes for crashes or unusual activity and investigate any anomalies that could indicate exploitation attempts.



Advisories

No advisories yet.

History

Fri, 05 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome Network Enables Sandbox Escape via Crafted HTML

Fri, 05 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 05 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}


Fri, 05 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome Network Enables Sandbox Escape via Crafted HTML

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T01:43:40.596Z

Reserved: 2026-06-04T17:06:00.846Z

Link: CVE-2026-10905

Vulnrichment

Updated: 2026-06-05T01:39:32.819Z

NVD

Status: Received

Published: 2026-06-04T23:16:52.313

Modified: 2026-06-05T02:16:53.690

Link: CVE-2026-10905

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T06:00:06Z

Weaknesses