Description
Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-17
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a standard use‑after‑free flaw (CWE‑416) that can be triggered in the extensions subsystem of Google Chrome when the renderer process has already been compromised. When the flaw is exercised, a maliciously crafted HTML page can cause the renderer to access freed memory, potentially allowing the attacker to break out of the process sandbox and execute code with elevated privileges on the host operating system. The impact is a loss of isolation between sandboxed web content and the rest of the system, leading to potential full system compromise if an attacker exploits the flaw.

Affected Systems

All users running Google Chrome versions earlier than 149.0.7827.155 are affected. The flaw resides in the extensions handling code and affects every installation that enables Chrome extensions on the affected release channel. Specific versions listed in the CNA are only the affected minimum, implying that earlier releases include the same vulnerability.

Risk and Exploitability

The CVSS score is 8.3, indicating high severity, while the EPSS score is below 1%, showing a very low but nonzero likelihood of exploitation in the wild. It is not listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation yet. The attack vector is inferred to require a remote attacker who can influence the renderer process, such as through malicious web content or a compromised extension, and then deliver a crafted HTML page that triggers the use‑after‑free exploit.

Generated by OpenCVE AI on June 18, 2026 at 21:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 149.0.7827.155 or later, which contains the security fix for the use‑after‑free flaw.
  • Disable or uninstall all Chrome extensions until the update is applied, reducing the attack surface for a compromised renderer.
  • Ensure that untrusted web pages are accessed from a segregated browser profile or a separate device to limit potential damage if a sandbox escape occurs.

Generated by OpenCVE AI on June 18, 2026 at 21:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6351-1 chromium security update
History

Thu, 18 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Chrome Extension Use-After-Free Leading to Potential Sandbox Escape

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Chrome Extension Use-After-Free Leading to Potential Sandbox Escape
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 17 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Description Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-18T03:55:31.001Z

Reserved: 2026-06-16T19:38:33.831Z

Link: CVE-2026-12467

cve-icon Vulnrichment

Updated: 2026-06-17T13:20:53.623Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T21:30:16Z

Weaknesses