Description
Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Published: 2026-06-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free fault exists in Chrome’s Web Authentication subsystem in builds older than 149.0.7827.197. When a user installs a specially crafted extension, the code may access deallocated memory, which can corrupt the heap. The vulnerability does not claim that this corruption leads to arbitrary code execution; the primary risk is memory corruption that could cause application crashes, data loss, or other unintended behavior.

Affected Systems

All Google Chrome installations older than version 149.0.7827.197 are affected. The bug was patched in the June 2026 stable channel update, so any compliant environment that has applied the July 2026 update is no longer vulnerable.

Risk and Exploitability

The problem carries a CVSS score of 7.5 and an EPSS probability of less than 1%, indicating low practical exploit likelihood. It is not listed in the CISA KEV catalog. The exploitation path requires a user to voluntarily install a malicious extension; there is no evidence that the weakness can be triggered remotely or without user interaction. Thus the risk hinges on social engineering or malicious supply chain attacks to deliver the extension.

Generated by OpenCVE AI on June 30, 2026 at 01:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 149.0.7827.197 or later
  • Restrict Chrome extensions to those approved by the Chrome Web Store via enterprise policy
  • Remove non‑essential extensions and block installation of unsigned or unverified extensions

Generated by OpenCVE AI on June 30, 2026 at 01:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4654-1 chromium security update
Debian DSA Debian DSA DSA-6364-1 chromium security update
History

Tue, 30 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
Title chromium-browser: chromium-browser: Use after free in Web Authentication
Weaknesses CWE-825
References
Metrics threat_severity

None

threat_severity

Important


Thu, 25 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 24 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Web Authentication Enabling Heap Corruption via Malicious Chrome Extension

Wed, 24 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Web Authentication Enabling Heap Corruption via Malicious Chrome Extension

Wed, 24 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Description Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Weaknesses CWE-416
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-25T03:55:42.855Z

Reserved: 2026-06-23T17:14:10.450Z

Link: CVE-2026-13029

cve-icon Vulnrichment

Updated: 2026-06-24T19:31:53.813Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-24T18:43:17Z

Links: CVE-2026-13029 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T02:00:05Z

Weaknesses