Description
Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic use‑after‑free that occurs in Chrome’s USB handling code on macOS. When a renderer process that has already been compromised processes a specially crafted HTML page, it can dereference freed memory and inject code that breaks out of the sandbox. This classic buffer misuse aligns with CWE‑416 and can potentially expose the victim’s system to arbitrary code execution once the sandbox boundary is traversed.

Affected Systems

Google Chrome on macOS versions that precede 150.0.7871.47. The issue is limited to the desktop stable channel and affects users running older releases; newer releases contain the fix.

Risk and Exploitability

The defect is rated as high severity by Chromium’s internal scoring. No EPSS value is available, but the lack of public exploits in KEV does not diminish the potential impact. Attackers only need to get a malicious HTML page rendered by a compromised renderer process; the sandbox escape can then allow the attacker to execute code with the same privileges as the Chrome process, which on macOS typically includes broad system access.

Generated by OpenCVE AI on July 1, 2026 at 01:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Chrome 150.0.7871.47 or later
  • Disable camera/USB access in Chrome using chrome://flags or enterprise policy
  • If immediate upgrade is not possible, restrict USB device usage on affected machines through OS‑level policies

Generated by OpenCVE AI on July 1, 2026 at 01:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 01:30:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome USB Driver Allows Remote Sandbox Escapes for macOS

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:54.706Z

Reserved: 2026-06-29T23:03:32.246Z

Link: CVE-2026-13846

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T01:15:16Z

Weaknesses