Description
Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Published: 2026-07-08
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a use‑after‑free flaw that occurs when a malicious Chrome extension is installed. The flaw can corrupt heap memory during extension execution, potentially allowing the attacker to execute arbitrary code within the browser process. The weakness is categorized as CWE‑416, a classic memory corruption issue.

Affected Systems

Google Chrome versions prior to 150.0.7871.115 on all supported operating systems are affected. Users running these releases are at risk if they install untrusted or malicious extensions.

Risk and Exploitability

The vulnerability is rated high in Chrome's security severity matrix. Based on the description, it is inferred that the attack vector is a malicious extension installed through social engineering. Although EPSS data is not available, the flaw could be exploited by convincing a user to install a malicious extension. The attack requires social engineering to get the user to install the extension, after which heap corruption could lead to code execution. The vulnerability is not listed in the CISA KEV catalog at this time, but the potential impact warrants prompt mitigation.

Generated by OpenCVE AI on July 9, 2026 at 08:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.115 or later.
  • Remove or disable any installed extensions that are not verified by the Chrome Web Store.
  • Configure enterprise policies to block extension installation from unknown sources and enforce automatic browser updates.

Generated by OpenCVE AI on July 9, 2026 at 08:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 09:15:00 +0000

Type Values Removed Values Added
Title Chrome Extension Use‑After‑Free Heap Corruption Vulnerability

Thu, 09 Jul 2026 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 08 Jul 2026 23:00:00 +0000

Type Values Removed Values Added
Description Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Weaknesses CWE-416
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-08T22:35:59.895Z

Reserved: 2026-07-08T17:07:39.115Z

Link: CVE-2026-15110

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T09:00:14Z

Weaknesses