Description
Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free vulnerability exists in the Views component of Google Chrome for macOS prior to version 150.0.7871.47 (CWE‑416). The flaw allows an attacker to craft a malicious HTML page that, when a user performs specific UI gestures, triggers heap corruption. The CVE indicates low severity and does not explicitly disclose remote code execution. By corrupting the heap, an attacker could potentially compromise the browser or the system, though the exact impact is not detailed.

Affected Systems

Google Chrome on macOS, versions earlier than 150.0.7871.47.

Risk and Exploitability

The vulnerability is characterized as a low‑severity issue by Chromium, and there is no EPSS score available. It is not listed in the CISA KEV catalog. Exploitation requires a remote attacker to entice a user to load a crafted page and engage in particular UI gestures, so practical attack likelihood is limited, but the potential impact remains serious if exploited.

Generated by OpenCVE AI on July 1, 2026 at 05:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later.
  • If an update cannot be applied immediately, restrict or block navigation to untrusted web content that could trigger the exploit.
  • Consider isolating Chrome in a sandboxed environment or using browser isolation techniques to reduce the blast radius of potential exploitation.


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 05:30:00 +0000

Type | Values Removed | Values Added
Title | | Use-After-Free in Chrome Views Enables Heap Corruption on macOS

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Weaknesses | | CWE-416
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:00.517Z

Reserved: 2026-06-29T23:04:21.134Z

Link: CVE-2026-14025

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T05:15:04Z

Weaknesses