Description
Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use-after-free flaw exists in the Chromoting component of Google Chrome on Linux in versions prior to 150.0.7871.47. A remote attacker can send crafted network traffic that causes memory to be used after it has been freed, leading to arbitrary code execution on the user's device. The weakness is classified as CWE-416 (Use After Free), in which memory is referenced after it has been released.

Affected Systems

Google Chrome versions earlier than 150.0.7871.47 running on Linux distributions are impacted. The issue is in the Chromoting protocol support in those builds.

Risk and Exploitability

The flaw is rated high severity by Chromium and can be exploited remotely through malicious network input. Although an EPSS score is not currently available and the vulnerability is not listed in CISA's KEV catalog, the combination of remote code execution impact and the lack of mitigation recommendations points to a high overall risk. To exploit the flaw, a remote attacker must be able to establish a connection that communicates with Chrome's Chromoting service; a successful attack achieves full code execution on the host.

Generated by OpenCVE AI on July 1, 2026 at 04:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later on all Linux systems
  • Disable the Chromoting feature by blocking the remote‑desktop channel or using policy settings to turn off remote‑desktop support
  • Block outbound connections to Chrome’s Chromoting port via a firewall or network segmentation to prevent malicious traffic

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 04:45:00 +0000

Type | Values Removed | Values Added
Title | | Chromoting Use-After-Free Enables Remote Code Execution in Google Chrome on Linux

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)
Weaknesses | | CWE-416
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:48.933Z

Reserved: 2026-06-29T23:03:28.216Z

Link: CVE-2026-13830

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T04:30:06Z

Weaknesses