Description
Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in Chrome’s Glic component allows a remote attacker who has already compromised the renderer process to potentially escape the process sandbox via a crafted HTML page, which could enable arbitrary code execution.

Affected Systems

The vulnerability affects Google Chrome on all platforms when the browser version is older than 149.0.7827.53. Users who have not installed the update remain vulnerable; no other vendors or products are listed as affected.

Risk and Exploitability

The flaw has a CVSS score of 8.3, indicating high severity, while the EPSS score of <1% reflects a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to first compromise the renderer process, which can occur through malicious web content. A successful exploit may allow the attacker to escape the sandbox and execute arbitrary code on the host system.

Generated by OpenCVE AI on June 6, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 149.0.7827.53 or later.
  • Ensure Chrome is not launched with the '--no-sandbox' flag or other options that disable sandboxing.
  • Review or disable extensions and plugins that may grant renderer access.

Advisories

No advisories yet.

History

Sat, 06 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title Use-after-free in Chrome Glic Enables Sandbox Escape

Sat, 06 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics
Values Removed: cvssV3_1 {'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values Added: cvssV3_1 {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}


Sat, 06 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Use-After-Free in Chrome’s Glic Enables Potential Sandbox Escape

Sat, 06 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Metrics cvssV3_1 {'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}


Fri, 05 Jun 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
Title Use-After-Free in Chrome’s Glic Enables Potential Sandbox Escape

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-416
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-06T16:42:21.435Z

Reserved: 2026-06-04T17:06:23.657Z

Link: CVE-2026-10990

Vulnrichment

Updated: 2026-06-06T16:40:16.634Z

NVD

Status: Modified

Published: 2026-06-04T23:17:02.427

Modified: 2026-06-06T17:16:39.740

Link: CVE-2026-10990

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-06T18:30:26Z

Weaknesses