Description
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free defect in the Bluetooth subsystem of Google Chrome on macOS permits a remote attacker to force a browser process to read or write arbitrary memory, resulting in a sandbox escape and possible code execution with the privileges of the Chrome process, as identified by CWE‑416.

Affected Systems

The flaw affects Google Chrome browsers running on macOS when the version is older than 150.0.7871.47; any build prior to that revision is vulnerable and newer revisions are not impacted.

Risk and Exploitability

Chromium labels the issue as critical, but no CVSS score or EPSS value is publicly available and it is not listed in the CISA KEV catalog. The attack requires the victim to open a specially crafted HTML page and perform certain UI gestures, after which the use‑after‑free can be triggered. If these conditions are met, the attacker can escape the sandbox and execute code with browser‑process privileges.

Generated by OpenCVE AI on July 1, 2026 at 00:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or later on all macOS machines.
  • If an upgrade cannot be applied immediately, disable Bluetooth in macOS System Preferences to remove the vulnerable subsystem from the attack surface.
  • Advise users to avoid visiting untrusted web pages or performing suspicious UI gestures, and enable web‑filtering or safe‑browsing extensions to reduce exposure.

Generated by OpenCVE AI on July 1, 2026 at 00:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 00:45:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free Leading to Sandbox Escape via Bluetooth in Chrome macOS

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Weaknesses CWE-416
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:31.992Z

Reserved: 2026-06-29T23:03:17.115Z

Link: CVE-2026-13785

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T00:30:06Z

Weaknesses