Description
Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in the V8 engine of Google Chrome allows a crafted HTML page to trigger type confusion. The inputs do not state the exact exploitation result, but type confusion can lead to memory corruption, potentially enabling remote code execution (inferred) or privilege escalation. The weakness corresponds to CWE-362 and CWE-843. The vulnerability is rated high severity by Chromium security.

Affected Systems

All users of Google Chrome versions prior to 144.0.7559.99 are affected. This includes the stable channel releases of Chrome available on desktop platforms. No specific operating system or architecture is limited in the description.

Risk and Exploitability

The CVSS score is 7.5, indicating a high severity. The attack is remote, relies on a malicious HTML page delivered over the network, and requires the user to load the page in an affected version of Chrome. The EPSS score is <1%, suggesting that exploitation probability is low. The vulnerability is not listed in the CISA KEV catalog, suggesting that no publicly available exploits have been documented at the time of this analysis.

Generated by OpenCVE AI on June 22, 2026 at 13:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Chrome version 144.0.7559.99 or newer, which contains the V8 race condition fix.
  • Configure enterprise or group‑policy settings to enforce automatic updates and block installation of older Chrome versions.
  • If upgrade is temporarily infeasible, consider disabling JavaScript for untrusted sites or using a web‑filtering solution to block access to potentially malicious pages.

Generated by OpenCVE AI on June 22, 2026 at 13:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6108-1 chromium security update
History

Mon, 22 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: chromium-browser: Race in V8
Weaknesses CWE-843
References
Metrics threat_severity

None

threat_severity

Important


Fri, 12 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Wed, 10 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Title Race Condition in V8 Leading to Type Confusion Exploit

Wed, 10 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Race Condition in V8 Leading to Type Confusion Exploit
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 10 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 10 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Description Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-362
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-11T03:55:41.658Z

Reserved: 2026-01-20T04:22:31.895Z

Link: CVE-2026-1220

cve-icon Vulnrichment

Updated: 2026-06-10T20:21:12.938Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-10T20:16:38.643

Modified: 2026-06-12T19:47:09.257

Link: CVE-2026-1220

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-10T19:39:42Z

Links: CVE-2026-1220 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T14:00:18Z

Weaknesses
  • CWE-362

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  • CWE-843

    Access of Resource Using Incompatible Type ('Type Confusion')