Description
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Medium)
Published: 2026-06-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use after free vulnerability exists in the Network module of Google Chrome prior to version 149.0.7827.53. The flaw allows an attacker to corrupt heap memory through specially crafted network traffic, potentially leading to application crashes or other unstable behavior. The weakness is classified as CWE-416, which addresses improper handling of freed memory. The impact is limited to the compromised browser instance and does not directly expose secrets or allow code execution, but can degrade user experience and reliability.

Affected Systems

The affected product is Google Chrome, a web browser for desktop environments. Versions earlier than 149.0.7827.53 are impacted. No other specifics about build platforms or operating systems are provided in the available data.

Risk and Exploitability

Because no EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, a clear assessment of exploitation likelihood is difficult. However, the description indicates that a remote attacker could send malicious traffic to a Chrome instance to trigger the heap corruption. The typical attack path would involve sending engineered packets over a network the browser is listening on, such as HTTP or HTTPS connections. The attack can be carried out without user interaction, hinting at a network-based exploit vector. The CVSS baseline is not presented, but the Medium severity Chromium label suggests moderate risk.

Generated by OpenCVE AI on June 5, 2026 at 02:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.53 or later.
  • Configure the browser to automatically check for and install updates.
  • If an immediate update is not possible, restrict the affected machine’s exposure to untrusted network traffic until a patch becomes available.



Advisories

No advisories yet.

History

Fri, 05 Jun 2026 20:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 05 Jun 2026 05:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Fri, 05 Jun 2026 03:15:00 +0000

Type | Values Removed | Values Added
Title | | Use After Free Heap Corruption via Malicious Network Traffic in Google Chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Medium)
Weaknesses | | CWE-416
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T19:18:42.066Z

Reserved: 2026-06-04T17:06:33.232Z

Link: CVE-2026-11030

Vulnrichment

Updated: 2026-06-05T19:17:55.108Z

NVD

Status: Undergoing Analysis

Published: 2026-06-04T23:17:07.033

Modified: 2026-06-05T20:17:18.680

Link: CVE-2026-11030

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T05:30:32Z

Weaknesses