Description
Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Google Chrome before version 149.0.7827.53 contains a use‑after‑free bug in the Input module. A maliciously crafted HTML page can trigger the defect and potentially allow the attacker to escape the browser sandbox, moving from a restricted execution context into higher‑privilege code execution. The flaw is a classic memory corruption vulnerability identified as CWE‑416.

Affected Systems

The vulnerability affects all installations of Google Chrome older than 149.0.7827.53, regardless of platform. Any user who visits a maliciously crafted HTML page while running an affected version is at risk.

Risk and Exploitability

The Chromium project rates the severity as low, and exploitation requires a user to load a malicious page, which limits exposure. EPSS is not available, and the issue is not listed in CISA’s KEV catalog, indicating no known widespread exploitation at this time. Nevertheless, if an attacker controls the content or can coerce a user into loading the payload, sandbox escape could lead to compromise of the host system.

Generated by OpenCVE AI on June 5, 2026 at 01:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 149.0.7827.53 or later.
  • Ensure that Chrome’s automatic update feature is enabled so future security patches are applied promptly.
  • Disable or restrict third‑party extensions via enterprise policy to reduce the attack surface.



Advisories

No advisories yet.

History

Fri, 05 Jun 2026 01:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Use‑after‑free in Chrome Input Enables Sandbox Escape |

Fri, 05 Jun 2026 01:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Google; Google chrome |
| Vendors & Products | | Google; Google chrome |

Thu, 04 Jun 2026 23:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) |
| Weaknesses | | CWE-416 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-04T23:06:21.796Z

Reserved: 2026-06-04T17:11:17.774Z

Link: CVE-2026-11293

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-05T00:17:06.967

Modified: 2026-06-05T00:17:06.967

Link: CVE-2026-11293

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T01:30:25Z

Weaknesses