Description
Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-10
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in the V8 engine of Google Chrome allows a crafted HTML page to trigger type confusion. The inputs do not state the exact exploitation result, but type confusion can lead to memory corruption, potentially enabling remote code execution or privilege escalation. The weakness corresponds to CWE-362. The vulnerability is rated high severity by Chromium security.

Affected Systems

All users of Google Chrome versions prior to 144.0.7559.99 are affected. This includes the stable channel releases of Chrome available on desktop platforms. No specific operating system or architecture is limited in the description.

Risk and Exploitability

Because the CVSS score is not provided and no EPSS data is available, the precise risk level cannot be quantified from the CVE entry. The attack is remote, relies on a malicious HTML page delivered over the network, and requires the user to load the page in an affected version of Chrome. The vulnerability is not listed in the CISA KEV catalog, suggesting that no publicly available exploits have been documented at the time of this analysis.

Generated by OpenCVE AI on June 10, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Chrome version 144.0.7559.99 or newer, which contains the V8 race condition fix.
  • Configure enterprise or group‑policy settings to enforce automatic updates and block installation of older Chrome versions.
  • If upgrade is temporarily infeasible, consider disabling JavaScript for untrusted sites or using a web‑filtering solution to block access to potentially malicious pages.

Generated by OpenCVE AI on June 10, 2026 at 21:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6108-1 chromium security update
History

Wed, 10 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Race Condition in V8 Leading to Type Confusion Exploit
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 10 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Description Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-362
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-10T20:25:27.409Z

Reserved: 2026-01-20T04:22:31.895Z

Link: CVE-2026-1220

cve-icon Vulnrichment

Updated: 2026-06-10T20:21:12.938Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-10T20:16:38.643

Modified: 2026-06-10T22:16:55.777

Link: CVE-2026-1220

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T21:30:36Z

Weaknesses