Description
Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Google Chrome contained a use-after-free flaw in its Document Object Model (DOM) handling of web pages. The flaw allows a remote attacker to run arbitrary code inside Chrome's sandbox, so the code runs with the privileges of the sandboxed process and remains subject to the sandbox's restrictions. Within those limits, the attacker could potentially perform malicious actions such as data exfiltration or credential theft, or use the foothold as a step toward further compromise of the host system.

Affected Systems

Chrome versions prior to 150.0.7871.47 are affected. All users of the Chrome stable channel who have not yet upgraded to version 150.0.7871.47 or later are at risk.

Risk and Exploitability

The vulnerability is rated high severity. The EPSS score is unavailable and the CVE is not listed in CISA's KEV catalog, which suggests that exploitation in the wild has not been confirmed. Nevertheless, exploitation requires a user to be tricked into loading a malicious HTML page, making it opportunistic but potentially impactful. If exploited, the attacker can leverage the sandboxed execution to further compromise user data or pivot to higher privileges.

Generated by OpenCVE AI on July 1, 2026 at 03:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 150.0.7871.47 or later
  • Apply browser policies that restrict loading of untrusted HTML content or enable content security policies to limit script execution
  • Maintain the operating system and all other software with up‑to‑date security patches

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 03:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Use after Free in Chrome DOM Enables Remote Code Execution |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| Weaknesses | | CWE-416 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:54.363Z

Reserved: 2026-06-29T23:03:31.997Z

Link: CVE-2026-13845

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T03:15:15Z

Weaknesses