Description
Use after free in SignIn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw exists in Chrome’s SignIn component that can be triggered when a user interacts with a maliciously crafted HTML page. The bug allows an attacker that persuades the user to perform specific UI gestures to corrupt the heap, potentially leading to arbitrary code execution or denial of service. The vulnerability is classified as a memory management error (CWE‑416).

Affected Systems

The affected vendor is Google for its Chrome web browser. All operating systems that run Chrome are impacted, but only installations running Chrome versions earlier than 150.0.7871.47 are vulnerable.

Risk and Exploitability

Chromium rates the issue as low severity, and the EPSS score is not available, indicating no publicly known exploitation attempts at the moment. The flaw is not listed in CISA’s KEV catalog. Exploitation requires a social‑engineering step in which the attacker lures the user to a malicious site that initiates the required UI gestures. Therefore, the risk is limited to situations where a user actively visits a compromised webpage while running an outdated Chrome version.

Generated by OpenCVE AI on July 1, 2026 at 04:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or later
  • Enable Chrome’s Safe Browsing feature to block malicious sites
  • Monitor user activity for signs of social engineering attempts and provide user education on phishing



Advisories

No advisories yet.

History

Wed, 01 Jul 2026 04:30:00 +0000

Type | Values Removed | Values Added
Title | | Use‑After‑Free in Chrome SignIn Heap Corruption

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in SignIn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Weaknesses | | CWE-416
References | |

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:01.241Z

Reserved: 2026-06-29T23:04:21.647Z

Link: CVE-2026-14027

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T04:15:16Z

Weaknesses