Description
Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw exists in the Views component of Google Chrome. If an attacker can convince a user to perform specific UI gestures while interacting with a specially crafted HTML page, the resulting heap corruption could compromise the browser’s memory safety. The vulnerability is categorized as CWE‑416 (Use After Free): freed memory may be read or written, which could lead to arbitrary code execution within the user’s session.

Affected Systems

Google Chrome browsers with versions prior to 150.0.7871.47 are affected. Users running these outdated releases are at risk until they apply the available update.

Risk and Exploitability

The vulnerability carries Chromium’s Critical severity rating. No EPSS score is available and it is not listed in CISA’s KEV database, but the lack of publicly known exploits does not diminish the high risk posed by this memory corruption problem. Exploitation requires user interaction: once the user is convinced to perform the specific UI gestures on the attacker’s crafted page, heap corruption can result, potentially allowing remote code execution on the client machine.

Generated by OpenCVE AI on July 1, 2026 at 01:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later
  • Enable the browser’s auto‑update feature to receive security patches automatically
  • Avoid opening unfamiliar or suspicious webpages that require frequent UI interactions until the vulnerability is patched

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 01:30:00 +0000

Type: Title
Values Removed: (none)
Values Added: Use-After-Free in Chrome Views Enables Potential Remote Code Execution

Tue, 30 Jun 2026 23:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-416

Type: References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:31.591Z

Reserved: 2026-06-29T23:03:16.846Z

Link: CVE-2026-13784

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T01:15:16Z

Weaknesses