Description
Use after free in Core in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a use‑after‑free flaw in Chrome’s core on iOS. When a renderer process is already compromised, an attacker can host a specially crafted HTML page that triggers the memory bug, potentially breaking out of the renderer sandbox. The resulting sandbox escape allows execution of arbitrary code with elevated privileges, impacting confidentiality, integrity, and availability of the device. The weakness corresponds to CWE‑416, a classic memory corruption issue.

Affected Systems

Versions of Google Chrome on iOS earlier than 149.0.7827.53 are affected. The flaw is present in the stable channel for iOS; versions 149.0.7827.53 and newer contain the fix. No other variants or platforms are listed.

Risk and Exploitability

Chromium classifies the issue as high severity, and the CVSS score is 8.3. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an already compromised renderer; from that position, a maliciously crafted HTML document exercises the code path that escapes the sandbox. Attackers would need to deliver this page to the user's device, typically via a malicious or compromised website. Given the limited vector and lack of publicly available exploits, the immediate risk is moderate, but the potential impact of a sandbox escape is significant.

Generated by OpenCVE AI on June 5, 2026 at 05:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome for iOS to version 149.0.7827.53 or later via the official update channel.
  • If an update is not yet available, uninstall or disable Chrome until the patch is installed to eliminate the attack surface.
  • Enable automatic updates or subscribe to Chrome release announcements so that future fixes are applied promptly.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
Title Use-After-Free Leading to Sandbox Escape in Google Chrome on iOS

Fri, 05 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 05 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Title Use-After-Free Leading to Sandbox Escape in Google Chrome on iOS

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in Core in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T01:42:39.111Z

Reserved: 2026-06-04T17:06:05.143Z

Link: CVE-2026-10915

Vulnrichment

Updated: 2026-06-05T01:39:13.625Z

NVD

Status: Received

Published: 2026-06-04T23:16:53.593

Modified: 2026-06-05T02:16:55.310

Link: CVE-2026-10915

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T06:00:06Z

Weaknesses