Description
Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)
Published: 2026-04-28
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in the Cast component of Google Chrome allows an attacker who can send carefully crafted network traffic on the local network to cause Chrome to execute arbitrary code with the privileges of its sandbox. The vulnerability is a memory corruption error that is triggered by malicious Cast protocol data and is classified under CWE-416 and CWE-825.

Affected Systems

The affected product is Google Chrome. Versions prior to 147.0.7727.138 on the stable channel are vulnerable. Any build of Chrome that includes the Cast protocol before this version is impacted.

Risk and Exploitability

Exploitation requires an adversary who can communicate on the same local network segment as the victim and send crafted Cast packets to the target machine. The victim's browser must be running and receive the malicious traffic. The attacker gains code execution confined to the sandbox that Chrome uses; because the sandbox restricts system access, the impact is limited to the sandboxed process rather than the underlying operating system. The EPSS score is under 1%, the CVSS score is 7.5, and the vulnerability is not listed in the CISA KEV catalog, indicating a moderate exploitation likelihood in local-network contexts.

Generated by OpenCVE AI on April 29, 2026 at 21:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 147.0.7727.138 or later
  • Configure the local network to block unsolicited Cast traffic from untrusted devices
  • Limit Cast functionality to trusted local devices only

Generated by OpenCVE AI on April 29, 2026 at 21:33 UTC.


Advisories

Source: Debian DSA
ID: DSA-6239-1
Title: chromium security update
History

Thu, 30 Apr 2026 16:45:00 +0000

Type: First Time appeared
Values Added: Apple; Apple macos; Linux; Linux linux Kernel; Microsoft; Microsoft windows

Type: CPEs
Values Added:
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Apple; Apple macos; Linux; Linux linux Kernel; Microsoft; Microsoft windows

Wed, 29 Apr 2026 14:15:00 +0000

Type: Metrics
Values Removed:
cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Values Added:
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Wed, 29 Apr 2026 12:15:00 +0000

Type: Title
Values Removed: Local Network Use‑After‑Free in Chrome Cast Enables Arbitrary Code Execution
Values Added: chromium-browser: Use after free in Cast

Type: Weaknesses
Values Added: CWE-825

Type: References
(no values listed)

Type: Metrics
Values Removed:
threat_severity: None
Values Added:
cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
threat_severity: Important

Wed, 29 Apr 2026 01:30:00 +0000

Type: Title
Values Added: Local Network Use‑After‑Free in Chrome Cast Enables Arbitrary Code Execution

Wed, 29 Apr 2026 00:45:00 +0000

Type: First Time appeared
Values Added: Google; Google chrome

Type: Vendors & Products
Values Added: Google; Google chrome

Tue, 28 Apr 2026 23:00:00 +0000

Type: Description
Values Added: Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)

Type: Weaknesses
Values Added: CWE-416

Type: References
(no values listed)

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-30T03:55:34.899Z

Reserved: 2026-04-28T20:02:42.721Z

Link: CVE-2026-7349

Vulnrichment

Updated: 2026-04-29T13:11:07.649Z

NVD

Status: Analyzed

Published: 2026-04-28T23:16:22.490

Modified: 2026-04-30T16:40:46.483

Link: CVE-2026-7349

Red Hat

Severity: Important

Public Date: 2026-04-28T00:00:00Z

Links: CVE-2026-7349 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T21:45:20Z

Weaknesses