Description
Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-11
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Google Chrome for Windows contains a use‑after‑free flaw in the Views component that can be triggered by a crafted HTML page. The vulnerability permits a remote attacker to corrupt heap memory, potentially enabling arbitrary code execution. The flaw is classified as CWE‑416, a type of use‑after‑free that directly threatens application integrity and confidentiality, and also as CWE‑825, reflecting the risk of heap corruption.

Affected Systems

Windows users running any Chrome version earlier than 149.0.7827.115 are affected. The issue does not impact other operating systems or newer releases of Chrome.

Risk and Exploitability

The flaw is flagged by Chromium as High severity with a CVSS score of 8.8, but the EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not yet broadly exploited. Attackers can deliver malicious HTML through a website or phishing email, requiring only that the victim open the page in Chrome. Given the high severity and lack of existing mitigations, the risk to exposed systems is elevated.

Generated by OpenCVE AI on June 22, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.115 or later so the provided fix eliminates the use‑after‑free
  • Enable Chrome’s automatic updates to ensure timely receipt of security patches
  • If an immediate update is not possible, temporarily restrict access to untrusted sites or use Chrome’s safe browsing features to block malicious content until the patch can be applied

Generated by OpenCVE AI on June 22, 2026 at 13:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6344-1 chromium security update
History

Mon, 22 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: chromium-browser: Use after free  Views
Weaknesses CWE-825
References
Metrics threat_severity

None

threat_severity

Important


Fri, 12 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Fri, 12 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Title Use-After-Free in Chrome Views Allows Potential Heap Corruption

Fri, 12 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 11 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Use-After-Free in Chrome Views Allows Potential Heap Corruption

Thu, 11 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-12T12:48:34.036Z

Reserved: 2026-06-11T18:16:09.334Z

Link: CVE-2026-12035

cve-icon Vulnrichment

Updated: 2026-06-12T00:44:37.643Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-11T22:16:56.093

Modified: 2026-06-12T17:58:35.643

Link: CVE-2026-12035

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-11T20:48:14Z

Links: CVE-2026-12035 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T13:30:16Z

Weaknesses