Description
Use after free in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a use‑after‑free flaw in the Glic component of Google Chrome that can allow an attacker who has compromised the renderer process to potentially escape the browser sandbox. The flaw enables the execution of arbitrary code with the privileges of the renderer process, which can lead to full system compromise if the sandbox is successfully bypassed. The weakness is classified as CWE‑416 and is rated as high severity by Chromium.

Affected Systems

Google Chrome versions older than 150.0.7871.47 are affected. The issue exists in the stable channel releases prior to that revision. Only users running those versions and visiting crafted web pages are exposed until the issue is patched.

Risk and Exploitability

The EPSS score for this vulnerability is not available, and it is not listed in the CISA KEV catalog. Chromium assigns it a high severity rating. The attack likely originates from a malicious or compromised HTML page that is rendered in a renderer process already compromised by other means. An attacker would need to supply a specially crafted page to the vulnerable renderer, which is a remote exploitation path. Once the renderer escapes the sandbox, the attacker can gain system level privileges. As the exploit depends on renderer compromise, the vector is local to the client but can be triggered remotely via injected content.

Generated by OpenCVE AI on July 1, 2026 at 01:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to the latest stable release (150.0.7871.47 or newer).
  • If an immediate update is not possible, enable Chrome’s Site Isolation feature to isolate renderer processes and limit privilege escalation until a patch is applied.
  • Apply enterprise policies that enforce strict sandboxing for all Chrome processes and consider disabling third‑party renderer extensions that could be used to load untrusted content.

Generated by OpenCVE AI on July 1, 2026 at 01:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome’s Glic Component Allows Sandbox Escape

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:46.330Z

Reserved: 2026-06-29T23:03:26.475Z

Link: CVE-2026-13823

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T02:00:07Z

Weaknesses