Description
Use after free in WebShare in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free flaw in WebShare that can allow a sandbox escape through a crafted HTML page, if the attacker has already compromised the renderer process. The flaw could enable an attacker to gain higher privileges or execute code beyond the normal browser sandbox, threatening the confidentiality and integrity of the device. This weakness is categorized as CWE‑416.

Affected Systems

Google Chrome, as used on Android devices, is affected in all versions prior to 149.0.7827.53. The issue was reported for the stable channel and applies to the renderer component of Chrome on Android.

Risk and Exploitability

The official Chromium severity is Medium and no EPSS score is available, making the precise exploitation probability uncertain. The vulnerability is not listed in CISA KEV. The likely attack vector involves a crafted HTML page that triggers the use‑after‑free once the renderer process has been compromised, a path that would typically require the attacker to already have some foothold in the browser environment.

Generated by OpenCVE AI on June 5, 2026 at 04:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome on Android to version 149.0.7827.53 or later.
  • Limit exposure by disabling the WebShare feature or restricting it to trusted sources through device policy or Chrome settings.
  • Keep the operating system and other applications up‑to‑date to reduce the chance of renderer process compromise.

Generated by OpenCVE AI on June 5, 2026 at 04:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Use After Free in WebShare Enables Sandbox Escape via Crafted HTML

Fri, 05 Jun 2026 04:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in WebShare in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:04:18.842Z

Reserved: 2026-06-04T17:06:28.439Z

Link: CVE-2026-11010

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T23:17:04.843

Modified: 2026-06-04T23:17:04.843

Link: CVE-2026-11010

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T04:30:31Z

Weaknesses