Description
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in Chrome’s Bluetooth implementation on macOS before version 150.0.7871.47 allows an attacker who convinces a user to install a crafted Chrome extension to run arbitrary code. The vulnerability is classified as CWE‑416 and gives the attacker code execution with the privileges of the Chrome process, potentially enabling full system compromise. Chromium assessed this flaw as low severity, but the impact of executing arbitrary code should not be underestimated.

Affected Systems

All installations of Google Chrome on macOS with versions earlier than 150.0.7871.47 are affected. Users who install extensions from untrusted or unknown publishers are at risk because the flaw is triggered only when such an extension is installed.

Risk and Exploitability

EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no evidence of active exploitation. Exploitation requires the user to install a malicious extension, so the likely attack vector is social engineering or distribution of malicious extensions. Based on the description, it is inferred that local user interaction is sufficient for exploitation; no remote network access is required.

Generated by OpenCVE AI on July 1, 2026 at 05:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 150.0.7871.47 or later
  • Restrict extension installation to trusted sources or block extensions from unknown publishers
  • Disable Bluetooth usage in Chrome or through macOS system settings


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 05:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Chrome Bluetooth use‑after‑free allows arbitrary code execution via malicious extensions on macOS |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low) |
| Weaknesses | | CWE-416 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:02.670Z

Reserved: 2026-06-29T23:11:28.089Z

Link: CVE-2026-14032

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T05:15:04Z

Weaknesses