Description
Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-11
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free bug exists in Chrome’s Media component on Windows. When a crafted HTML page is processed, it can lead to heap corruption. The CVE notice states that a remote attacker could potentially exploit this corruption. Based on the description, this vulnerability could allow an attacker to execute arbitrary code or otherwise compromise the system, but the impact is not guaranteed. The weakness corresponds to CWE‑416, a memory use‑after‑free issue.

Affected Systems

Google Chrome browsers on Windows prior to version 149.0.7827.115 are affected. Any installation running an older revision that has not been updated by Chrome’s automatic patch mechanism is at risk.

Risk and Exploitability

The EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog, yet the high severity rating indicates considerable potential danger. The likely attack vector is remote, via a maliciously crafted HTML page opened by a user. An attacker does not need local privileges; the exploit would require the victim to load the vulnerable page.

Generated by OpenCVE AI on June 11, 2026 at 23:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.115 or newer
  • Enable automatic updates so the system receives future patches automatically
  • Avoid opening untrusted or suspicious HTML content until the browser has been updated

Generated by OpenCVE AI on June 11, 2026 at 23:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome Media on Windows Causes Heap Corruption

Thu, 11 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 11 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-11T20:48:07.014Z

Reserved: 2026-06-11T18:16:03.891Z

Link: CVE-2026-12013

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-11T22:16:53.823

Modified: 2026-06-11T22:16:53.823

Link: CVE-2026-12013

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T23:15:09Z

Weaknesses