Description
Use after free in DOM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-06
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in Google Chrome’s DOM handling allows a remote attacker to run arbitrary code inside the browser’s sandbox through a specially crafted HTML page. The vulnerability is a classic example of CWE‑416, where exposed memory is accessed after it has been freed. Exploitation can lead to execution of malicious scripts or binaries within the constrained sandbox environment, potentially compromising user data, bypassing security controls, or facilitating further lateral movement across the host system.

Affected Systems

All users of Google Chrome versions earlier than 148.0.7778.96 are affected. The flaw is present in the Chrome stable channel for desktop browsers. No specific sub‑model or patch level beyond the version designation is listed.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. The EPSS score is not available, but the vulnerability is classified as high severity by Chromium. Since it is not listed in CISA’s KEV catalog yet, no known exploits have been documented publicly. However, the attack vector is remote, relying on a malicious web page that can be delivered via HTTP or HTTPS, and the sandbox restriction can be bypassed by a specialized exploit chain. The impact is significant enough to warrant immediate attention from all affected users.

Generated by OpenCVE AI on May 7, 2026 at 01:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to the latest stable release that includes the fix, specifically version 148.0.7778.96 or newer.
  • If a timely update is not possible, restrict or block access to sites that could serve malicious HTML content, for example by using content filtering or enterprise policy to block suspicious web content.
  • Enable and monitor Chrome’s security features such as Safe Browsing and sandbox isolation, and keep an eye on system logs for any anomalous processes that might indicate an exploitation attempt.

Generated by OpenCVE AI on May 7, 2026 at 01:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6250-1 chromium security update
History

Thu, 07 May 2026 01:30:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome DOM Enables Remote Code Execution in Sandbox

Wed, 06 May 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Wed, 06 May 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 06 May 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 06 May 2026 19:45:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome DOM Enables Remote Code Execution in Sandbox

Wed, 06 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description Use after free in DOM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-07T03:56:35.558Z

Reserved: 2026-05-05T22:59:06.113Z

Link: CVE-2026-7907

cve-icon Vulnrichment

Updated: 2026-05-06T20:19:43.688Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T19:16:39.000

Modified: 2026-05-06T23:41:21.227

Link: CVE-2026-7907

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T01:15:17Z

Weaknesses