Description
Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a use-after-free bug in Chrome's GPU component that allows an attacker who has already compromised the renderer process to escape the browser sandbox and execute arbitrary code on the host operating system. This vulnerability falls under CWE-416 and carries the potential for total system compromise.

Affected Systems

Google Chrome browsers with versions earlier than 150.0.7871.47 on all supported platforms are affected. Any system running a vulnerable Chrome build remains at risk until the patch is installed.

Risk and Exploitability

Chromium labels the issue as High severity, but no CVSS or EPSS value is available, and the vulnerability is not listed in CISA KEV. Exploitation requires an attacker to deliver a crafted HTML page that can compromise the renderer; this typically demands either prior exploitation of another flaw or a user visiting malicious content. Given the high impact and the lack of mitigation outside of patching, the threat to exposed systems is significant.

Generated by OpenCVE AI on July 1, 2026 at 00:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 150.0.7871.47 or later.
  • If an immediate upgrade is not possible, launch Chrome with the "--disable-gpu" flag to bypass the vulnerable GPU code path.
  • Ensure that individuals who run Chrome do so under accounts with the least privileges required for their duties and that OS-level sandboxing or application whitelisting is employed to restrict potential damage from a sandbox escape.

Generated by OpenCVE AI on July 1, 2026 at 00:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 00:45:00 +0000

Type Values Removed Values Added
Title Use-After-Free in Chrome GPU Allows Sandbox Escape

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:33.559Z

Reserved: 2026-06-29T23:03:18.117Z

Link: CVE-2026-13789

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T00:30:06Z

Weaknesses