Description
Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use after free flaw in Google Chrome's browser component. An attacker who has already compromised the renderer process can craft an HTML page that triggers the use after free, potentially allowing the attacker to escape the browser sandbox and execute code on the host system. This flaw is rated critical in Chromium's severity assessment.

Affected Systems

It affects Google Chrome versions earlier than 150.0.7871.47 on all supported operating systems where the vulnerable Browser component is present. Users running older stable releases without the fix are at risk.

Risk and Exploitability

The issue has a critical severity rating, but no EPSS score is available. It is not listed in CISA's KEV catalog. The attack requires the attacker to already have control over the renderer process, which typically indicates a preceding exploit or compromised content. If such conditions are met, the sandbox escape could lead to arbitrary code execution on the affected system. The inherent complexity of the exploit means it is not trivial, yet the critical nature warrants immediate attention.

Generated by OpenCVE AI on July 1, 2026 at 00:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 150.0.7871.47 or later
  • Reboot the system to ensure old renderer instances are replaced by the updated version
  • If an update cannot be applied immediately, apply Chrome policy settings to disable loading of unsandboxed or untrusted HTML content and restrict extensions from running privileged code

Generated by OpenCVE AI on July 1, 2026 at 00:26 UTC.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 00:45:00 +0000

Type | Values Removed | Values Added
Title | | Use After Free in Chrome Renderer Enables Sandbox Escape

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Weaknesses | | CWE-416
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:30.807Z

Reserved: 2026-06-29T23:03:16.332Z

Link: CVE-2026-13782

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T00:30:06Z
