Description
Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-11
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Google Chrome for Windows contains a use‑after‑free flaw in the Views component that can be triggered by a crafted HTML page. The vulnerability permits a remote attacker to corrupt heap memory, potentially enabling arbitrary code execution. The flaw is classified as CWE‑416, a type of use‑after‑free that directly threatens application integrity and confidentiality.

Affected Systems

Windows users running any Chrome version earlier than 149.0.7827.115 are affected. The issue does not impact other operating systems or newer releases of Chrome.

Risk and Exploitability

The flaw is flagged by Chromium as High severity, but no EPSS score is currently available and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not yet broadly exploited. Attackers can deliver malicious HTML through a website or phishing email, requiring only that the victim open the page in Chrome. Given the high severity and the lack of existing mitigations, the risk to exposed systems is elevated.

Generated by OpenCVE AI on June 11, 2026 at 22:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.115 or later so the provided fix eliminates the use‑after‑free
  • Enable Chrome’s automatic updates to ensure timely receipt of security patches
  • If an immediate update is not possible, temporarily restrict access to untrusted sites or use Chrome’s safe browsing features to block malicious content until the patch can be applied

Generated by OpenCVE AI on June 11, 2026 at 22:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 11 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Use-After-Free in Chrome Views Allows Potential Heap Corruption

Thu, 11 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-11T20:48:14.839Z

Reserved: 2026-06-11T18:16:09.334Z

Link: CVE-2026-12035

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-11T22:16:56.093

Modified: 2026-06-11T22:16:56.093

Link: CVE-2026-12035

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T23:15:09Z

Weaknesses