Description
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use-after-free flaw located in the Bluetooth processing logic of Google Chrome running on macOS. If an attacker can gain control of a renderer process, a crafted HTML page can trigger the freed memory to be accessed, allowing the attacker to escape the renderer sandbox and potentially execute code with higher privileges. The weakness is CWE-416 and is described as a Medium severity issue by Chromium.

Affected Systems

Google Chrome for macOS is affected. Any installation of Chrome on macOS with a version earlier than 150.0.7871.47 is vulnerable. The vulnerability specifically targets the Bluetooth module used by Chrome when it is enabled.

Risk and Exploitability

The risk level is moderate due to the Medium severity rating, but the lack of an EPSS score makes exact exploitation probability uncertain. The flaw can be leveraged only after the attacker has already compromised the renderer process, which typically requires a prior vulnerability or social engineering to deliver a malicious page. Although the vulnerability is not listed in the CISA KEV catalog, the potential for sandbox escape raises the risk in contexts where Chrome is used to render untrusted content.

Generated by OpenCVE AI on July 1, 2026 at 00:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later on macOS.
  • Disable Bluetooth functionality in Chrome or block Bluetooth access through system settings if the feature is required.
  • If an upgrade cannot be applied immediately, further restrict the renderer process by applying stricter sandbox policies or disabling extensions that could assist a compromised renderer.

Generated by OpenCVE AI on July 1, 2026 at 00:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 01:15:00 +0000

Type Values Removed Values Added
Title Use-After-Free in Chrome Bluetooth on macOS

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-416
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:06.333Z

Reserved: 2026-06-29T23:03:40.328Z

Link: CVE-2026-13878

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T01:00:14Z

Weaknesses