Description
Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-07-08
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a use‑after‑free flaw in the InterestGroups mechanism of Google Chrome. The freed memory pointer can be accessed, allowing an attacker to execute arbitrary code within the browser’s sandbox. The weakness, classified as CWE‑416, yields code execution when a user loads a specially crafted web page.

Affected Systems

Google Chrome browsers with versions earlier than 150.0.7871.115. The issue affects all platforms that ship with this Chromium build, including Windows, macOS, Linux, and Chrome OS.

Risk and Exploitability

The CVSS score is high, reflecting the severity of the flaw. No EPSS score is available, and the vulnerability is not listed in CISA KEV. An attacker can trigger the flaw by delivering a crafted HTML page to a user, so the attack vector is the web content channel. Successful exploitation leads to code execution inside the sandbox, potentially permitting higher‑privilege actions through a sandbox escape.

Generated by OpenCVE AI on July 9, 2026 at 03:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Chrome version 150.0.7871.115 or later, which addresses the interest group handling logic.
  • Disable the InterestGroups feature through policy or chrome://flags/ if an immediate upgrade is not possible.
  • Monitor for suspicious web content and block malicious sites that may exploit interest group behavior.
  • Apply all pending security updates for Chrome and the underlying operating system to reduce build‑up of additional vulnerabilities.

Generated by OpenCVE AI on July 9, 2026 at 03:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 09 Jul 2026 04:00:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome InterestGroups Enables Sandbox Escape

Thu, 09 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 08 Jul 2026 23:00:00 +0000

Type Values Removed Values Added
Description Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-09T10:20:25.639Z

Reserved: 2026-07-08T17:07:45.300Z

Link: CVE-2026-15133

cve-icon Vulnrichment

Updated: 2026-07-09T10:18:19.688Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T03:45:03Z

Weaknesses