Description
Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use-after-free bug in the Windows Chrome installer allows a local attacker running a crafted installer file to escape the installer sandbox and gain elevated privileges on the system. The flaw is triggered by a freed memory reference within the installer code, enabling the attacker to execute arbitrary code with the privileges of the installing user. This vulnerability is classified as CWE-416 and is rated Low severity by Chromium.

Affected Systems

Google Chrome for Windows versions earlier than 150.0.7871.47 are vulnerable. The issue appears only on the Windows operating system. Installing or updating Chrome to a version that includes the fix (150.0.7871.47 or later) removes the use-after-free condition.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. Although the severity rating is low, the flaw permits a local privilege escalation, so any user with access to a malicious installer file can exploit it. The attack requires the attacker to supply a crafted installer and run it locally, so it is confined to environments where such files can be introduced.

Generated by OpenCVE AI on July 1, 2026 at 04:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Chrome version 150.0.7871.47 or later
  • Reboot the system after installing the update if an installer is pending
  • Avoid executing unknown Chrome installer files and verify the authenticity of update packages

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 05:15:00 +0000

Type | Values Removed | Values Added
Title | | Use-After-Free in Chrome Installer Enables Local Privilege Escalation

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)
Weaknesses | | CWE-416
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:24.932Z

Reserved: 2026-06-29T23:11:40.945Z

Link: CVE-2026-14094

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T05:00:07Z

Weaknesses