Description
Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-08
Score: 9.6 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use-after-free flaw (CWE-416) exists in Chrome's CameraCapture component on macOS. A maliciously crafted HTML page can potentially trigger a sandbox escape, which can lead to remote code execution by a web attacker. The vulnerability lets an attacker cause freed memory to be dereferenced and exploit the resulting undefined behavior to break the browser's isolation mechanisms. Chromium rates the flaw High, and its CVSS 3.1 score is 9.6 (Critical).

Affected Systems

Users of Google Chrome for macOS running any version prior to 149.0.7827.103 are impacted. The CVE description scopes the flaw to Chrome on the Mac platform and does not list other operating systems as affected.

Risk and Exploitability

The CVE receives a CVSS score of 9.6, indicating very high severity. Its EPSS score is below 1% (Very Low), and it is not listed in the CISA KEV catalog. The most likely attack requires a victim to open a malicious HTML page (the CVSS vector specifies user interaction, UI:R), which could be delivered via a compromised website, email attachment, or embedded content. If the vulnerability is successfully exploited, the attacker can escape the browser sandbox and potentially execute arbitrary code with the privileges of the logged-in user.

Generated by OpenCVE AI on June 9, 2026 at 12:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.103 or later, the first release not affected by the CameraCapture use-after-free.
  • Disable the camera feature in Chrome or stop using camera input until the update is installed to reduce the attack surface for the exploit.
  • Subscribe to Google Chrome release notes or enable automatic updates so that any future security patches are received promptly.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 09 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Title Use-After-Free in Camera Capture Allows Sandbox Escape on Chrome for Mac

Tue, 09 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
Title Use-After-Free in Camera Capture Allows Sandbox Escape on Chrome for Mac
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Mon, 08 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Description Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-09T10:42:51.702Z

Reserved: 2026-06-08T21:33:41.289Z

Link: CVE-2026-11654

Vulnrichment

Updated: 2026-06-09T10:42:47.671Z

NVD

Status: Analyzed

Published: 2026-06-09T00:16:48.360

Modified: 2026-06-09T14:57:28.973

Link: CVE-2026-11654

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T13:00:05Z

Weaknesses