Description
Use after free in Fonts in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Google Chrome on Linux contains a use‑after‑free bug in font handling that enables an attacker to execute arbitrary code within the browser sandbox. The vulnerability is a typical memory‑corruption flaw, classified as CWE‑416. An attacker who composes a malicious HTML page can trigger the free memory access and run code with the permissions of the sandboxed renderer process.

Affected Systems

Affected devices run Google Chrome for Linux versions earlier than 149.0.7827.53. Updating to 149.0.7827.53 or later eliminates the flaw.

Risk and Exploitability

The CVSS score is 8.8. No EPSS data is available, and the vulnerability is not in the CISA KEV catalog. The likely attack vector would involve delivering a crafted HTML page to a user’s browser, a scenario that is feasible in phishing or compromised web contexts. Because the flaw arises in a sandboxed process, the attacker’s influence is constrained to that sandbox, but arbitrary code execution still represents a high risk privilege level within the browser.

Generated by OpenCVE AI on June 5, 2026 at 05:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.53 or later via the official update channel or by downloading the latest installer from Google.
  • Restart the system to ensure the updated browser binary is launched.
  • If automatic updates are disabled, manually configure Chrome to receive updates or schedule regular manual updates to avoid falling back to a vulnerable release.

Generated by OpenCVE AI on June 5, 2026 at 05:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 05:30:00 +0000

Type Values Removed Values Added
Title Use After Free in Font Handling Enables Remote Code Execution in Chrome on Linux

Fri, 05 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 05 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
Title Use After Free in Font Handling Enables Remote Code Execution in Chrome on Linux

Fri, 05 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in Fonts in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T00:29:21.006Z

Reserved: 2026-06-04T17:06:26.028Z

Link: CVE-2026-11000

cve-icon Vulnrichment

Updated: 2026-06-05T00:25:23.327Z

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:03.720

Modified: 2026-06-05T02:17:03.897

Link: CVE-2026-11000

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T05:15:25Z

Weaknesses