Description
Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free bug in the MimeHandlerView component of Google Chrome, which allows a remote attacker to trigger arbitrary code execution in the browser’s sandbox environment through a specially crafted HTML page. It is inferred that the flaw exploits a dangling pointer after the MimeHandlerView object has been freed, enabling the attacker to perform operations that would otherwise be confined to the sandbox. An attacker could gain complete control over the sandboxed process, potentially leaking sensitive data, modifying the browsing session, or foisting further attacks on the user’s system.

Affected Systems

Chrome browsers released before the 149.0.7827.53 patch are affected. The issue applies to the stable channel of Google Chrome for desktop platforms. Production installations that have not yet received the 149.0.7827.53 update remain vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 8.8, indicating a high severity rating. It is rated as a remote code execution vector and has an EPSS score of < 1%, indicating an extremely low but non‑zero likelihood of exploitation; it is not listed in the CISA KEV catalog. It is inferred that the attack can be carried out by hosting a malicious HTML file or tricking a user into visiting a compromised website, with the exploit unfolding entirely within the browser sandbox. It is inferred that while the sandbox limits damage to the browser process, an attacker who successfully gains execution could pivot or exfiltrate data from the affected machine.

Generated by OpenCVE AI on June 7, 2026 at 16:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 149.0.7827.53 or newer on all affected devices – this patch fixes the use‑after‑free flaw identified as CWE‑416.
  • In Chrome Enterprise environments, enforce automatic update policies to ensure all clients receive the patch in a timely manner.
  • As a temporary measure, disable or restrict handling of MIME types that trigger the vulnerable component (such as image/svg+xml) via enterprise policy until the patch is applied, thereby reducing the risk of a use‑after‑free exploit.
  • Ensure all installed extensions and third‑party plugins are updated to their latest versions; older versions may recreate the vulnerable MimeHandlerView instance and reintroduce CWE‑416 vulnerabilities.

Generated by OpenCVE AI on June 7, 2026 at 16:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6325-1 chromium security update
History

Tue, 09 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Sun, 07 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Use After Free in Chrome's MimeHandlerView Enables Remote Code Execution Within Sandbox chromium-browser: Use after free in MimeHandlerView
Weaknesses CWE-825
References
Metrics threat_severity

None

 threat_severity

Important

Fri, 05 Jun 2026 05:00:00 +0000

Type Values Removed Values Added
Title Use After Free in Chrome's MimeHandlerView Enables Remote Code Execution Within Sandbox

Fri, 05 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-06T03:57:00.445Z

Reserved: 2026-06-04T17:06:15.208Z

Link: CVE-2026-10956

cve-icon Vulnrichment

Updated: 2026-06-05T00:25:54.337Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-04T23:16:58.560

Modified: 2026-06-09T18:48:45.930

Link: CVE-2026-10956

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-02T00:00:00Z

Links: CVE-2026-10956 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-07T17:00:05Z

Weaknesses