Description
Use after free in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in Chrome’s Blink rendering engine lets a remote attacker craft a malicious HTML page that triggers the vulnerability and runs arbitrary code inside the browser’s sandbox. The flaw is classified as CWE‑416 and rated High by the Chromium security team. The attacker needs no additional privilege escalation to execute code, and that code runs within the sandbox.

Affected Systems

Google Chrome browsers on desktop platforms, specifically all builds prior to version 150.0.7871.47, are affected. Users running these earlier releases are vulnerable if they view a malicious web page.

Risk and Exploitability

The vulnerability is listed as High severity but lacks an EPSS score and is not included in the CISA KEV catalog. Attackers can exploit it remotely by delivering a crafted web page, potentially allowing drive‑by execution. No additional conditions such as user interaction or privileged access are required, making the risk significant for any device that can open web content.

Generated by OpenCVE AI on July 1, 2026 at 00:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Google Chrome update (150.0.7871.47 or later).
  • Avoid accessing untrusted or suspicious websites until the patch has been applied.
  • Enable Chrome’s Safe Browsing feature and consider using a script‑blocking extension as a temporary safeguard.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 01:00:00 +0000

Values Removed: none
Values Added:
  • Title: Use‑After‑Free in Chrome Blink Allows Remote Code Execution via Crafted HTML Page

Tue, 30 Jun 2026 23:15:00 +0000

Values Removed: none
Values Added:
  • Description: Use after free in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
  • Weaknesses: CWE-416
  • References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:43.285Z

Reserved: 2026-06-29T23:03:24.502Z

Link: CVE-2026-13815

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T00:45:15Z

Weaknesses