Description
Use after free in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free flaw in the GetUserMedia API of Google Chrome. When an attacker can compromise the renderer process and craft a malicious HTML page, the flaw allows the attacker to potentially escape the renderer sandbox and gain higher privileges. The weakness is identified as CWE‑416, which directly impacts the integrity and confidentiality of the compromised system. The official severity rating is low, but sandbox escape can have critical consequences in privileged contexts.

Affected Systems

Google Chrome versions prior to 150.0.7871.47 are affected. This includes any desktop installation of Chrome that has not yet received the 150.0.7871.47 update. No specific operating system or architecture is excluded, as the bug resides in the browser’s core media handling logic.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating a low likelihood of widespread exploitation at this time. However, the exploit requires the attacker to already compromise the renderer process, which typically demands a separate vulnerability or privileged user interaction. If successfully triggered, the sandbox escape could enable the attacker to execute code at the platform level, compromising the host machine. The subtle nature of the flaw and the low public awareness may keep exploitation rates low, but the potential impact remains significant for vulnerable users.

Generated by OpenCVE AI on July 1, 2026 at 04:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later
  • Configure Chrome policy or browser settings to block camera and microphone access on untrusted sites, limiting the use of the GetUserMedia API
  • If immediate update is not possible, consider disabling the GetUserMedia feature via extensions or Chrome flags and monitor for anomalous renderer activity
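
A compliance check for the first two recommended actions, added here as an example (not OpenCVE or Chrome code): it compares a host's Chrome version with the fixed build and inspects a managed policy for the capture settings. The sample version and policy are constructed; `VideoCaptureAllowed`, `AudioCaptureAllowed` and the matching `*CaptureAllowedUrls` lists are Chrome enterprise policy names, and treating a bare `*` allowlist entry as too broad is an assumption of this example.

```python
import json

# First fixed build, taken from the advisory text above.
FIXED = (150, 0, 7871, 47)

# Constructed sample: one host's reported version and managed policy file.
SAMPLE_VERSION = "150.0.7871.12"
SAMPLE_POLICY = json.loads("""
{
  "VideoCaptureAllowed": false,
  "VideoCaptureAllowedUrls": ["https://meet.example.com", "*"]
}
""")


def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple that compares numerically."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected a four-part Chrome version, got {text!r}")
    return parts


def audit(version, policy):
    """Return a list of findings for one host; an empty list means compliant."""
    findings = []
    if parse_version(version) < FIXED:
        findings.append(f"Chrome {version} is older than 150.0.7871.47")
    for kind in ("Video", "Audio"):
        # Unset or true leaves capture available to any site the user approves.
        if policy.get(f"{kind}CaptureAllowed", True) is not False:
            findings.append(f"{kind}CaptureAllowed is not set to false")
        # Assumption: a bare "*" allowlist entry defeats the block.
        if "*" in policy.get(f"{kind}CaptureAllowedUrls", []):
            findings.append(f"{kind}CaptureAllowedUrls contains a bare wildcard")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_VERSION, SAMPLE_POLICY):
        print(finding)
```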

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Weaknesses | | CWE-416
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:06.618Z

Reserved: 2026-06-29T23:11:30.539Z

Link: CVE-2026-14043

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T04:15:16Z

Weaknesses