Description
Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in the V8 JavaScript engine allows a remote attacker who convinces a user to perform specific UI gestures to execute arbitrary code inside the sandbox. The weakness is a classic memory safety error (CWE‑416) that gives the attacker execution control after a freed object is reused. The impact is confined to the browser's sandbox but still permits attacker‑selected code execution, bypassing many of the browser’s security protections.

Affected Systems

The vulnerability affects Google Chrome browsers running any version prior to 149.0.7827.53. Users of earlier stable channel builds are exposed; newer releases have the fix applied.

Risk and Exploitability

The exploit requires social engineering or a malicious web page to prompt the user into the triggering gestures. No evidence of active exploitation is reported and the vulnerability is not listed in the CISA KEV catalog. The EPSS score is not available, so the likelihood is unclear, but the medium severity rating indicates a moderate risk if the browser is used normally. Attackers can launch code execution inside the sandbox, making the threat significant enough to warrant a patch but unlikely to cause site‑wide compromise without persistence mechanisms.

Generated by OpenCVE AI on June 5, 2026 at 05:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.53 or later.
  • Enable automatic updates in Chrome to receive the fix as soon as it is released.
  • Until the update is applied, avoid clicking on suspicious links or visiting untrusted websites that might trigger the required UI gestures.

Generated by OpenCVE AI on June 5, 2026 at 05:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 06:00:00 +0000

Type Values Removed Values Added
Title V8 use‑after‑free allows sandboxed code execution via crafted HTML

Fri, 05 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
Title V8 use‑after‑free allows sandboxed code execution via crafted HTML

Fri, 05 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T00:31:20.750Z

Reserved: 2026-06-04T17:06:23.881Z

Link: CVE-2026-10991

cve-icon Vulnrichment

Updated: 2026-06-05T00:25:27.695Z

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:02.533

Modified: 2026-06-05T02:17:03.653

Link: CVE-2026-10991

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T05:45:33Z

Weaknesses