Description
Determined not a vulnerability
Published: 2026-06-11
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free bug exists in Chrome’s Media component on Windows. When a crafted HTML page is processed, it can lead to heap corruption. The CVE notice states that a remote attacker could potentially exploit this corruption. Based on the description, this vulnerability could allow an attacker to execute arbitrary code or otherwise compromise the system, but the impact is not guaranteed. The weakness corresponds to CWE‑416, a memory use‑after‑free issue.

Affected Systems

Google Chrome browsers on Windows prior to version 149.0.7827.115 are affected. Any installation running an older revision that has not been updated by Chrome’s automatic patch mechanism is at risk.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, and the EPSS score is unavailable. The vulnerability is not listed in the CISA KEV catalog, yet this high score indicates considerable potential danger. The likely attack vector is remote, via a maliciously crafted HTML page opened by a user. An attacker does not need local privileges; the exploit would require the victim to load the vulnerable page.

Generated by OpenCVE AI on June 12, 2026 at 02:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.115 or newer
  • Enable automatic updates so the system receives future patches automatically
  • Avoid opening untrusted or suspicious HTML content until the browser has been updated

Generated by OpenCVE AI on June 12, 2026 at 02:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6344-1 chromium security update
History

Tue, 16 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Description Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Determined not a vulnerability

Fri, 12 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Fri, 12 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome Media on Windows Causes Heap Corruption

Fri, 12 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome Media on Windows Causes Heap Corruption

Thu, 11 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 11 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

cve-icon MITRE

Status: REJECTED

Assigner: Chrome

Published:

Updated: 2026-06-16T21:22:31.699Z

Reserved: 2026-06-11T18:16:03.891Z

Link: CVE-2026-12013

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Analyzed

Published: 2026-06-11T22:16:53.823

Modified: 2026-06-12T17:12:12.723

Link: CVE-2026-12013

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T03:00:17Z

Weaknesses