Description
Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-06
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free in the graphics pipeline of Chrome prior to version 148.0.7778.96, which can be triggered by a crafted HTML page. This flaw arises from improper memory handling in the GPU component and is identified by CWE‑416 and CWE‑825. If an attacker can compromise the renderer process through the web content, the defect may allow the process to escape its sandbox, potentially leading to execution of arbitrary code on the host system.

Affected Systems

All desktop builds of Chrome older than 148.0.7778.96 on any operating system are affected because the GPU code is shared across platforms. Users must verify and apply the most recent Chrome release or an equivalent security update.

Risk and Exploitability

The CVSS score of 8.3 indicates a high severity impact if exploited. However, the EPSS score of less than 1% suggests that current exploitation probability is low, likely due to the need for a renderer process compromise that is not yet widespread. The CVE is not listed in the CISA KEV catalog, meaning no publicly known exploits have been documented yet. Based on the description, the likely attack vector is a malicious website or compromised extension that delivers a crafted page, which would trigger the use‑after‑free. The threat therefore remains significant but with a modest current exploitation likelihood.

Generated by OpenCVE AI on May 9, 2026 at 04:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Chrome update that includes version 148.0.7778.96 or newer to remove the GPU use‑after‑free flaw.
  • If a patch cannot be applied immediately, start Chrome with the --disable-gpu flag or otherwise disable hardware acceleration to bypass the vulnerable code path.
  • Run Chrome in a container or otherwise isolate it with strict sandboxing settings so that even if a process escape occurs, the impact on the host system is limited.

Generated by OpenCVE AI on May 9, 2026 at 04:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6250-1 chromium security update
History

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: Use after free in GPU
Weaknesses CWE-825
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 07 May 2026 00:45:00 +0000

Type Values Removed Values Added
Title GPU Use‑After‑Free Leading to Sandbox Escape in Chrome Before 148.0.7778.96

Wed, 06 May 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Wed, 06 May 2026 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 06 May 2026 22:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Wed, 06 May 2026 21:15:00 +0000

Type Values Removed Values Added
Title GPU Use‑After‑Free Leading to Sandbox Escape in Chrome Before 148.0.7778.96

Wed, 06 May 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 06 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-07T03:56:46.916Z

Reserved: 2026-05-05T22:59:08.993Z

Link: CVE-2026-7918

cve-icon Vulnrichment

Updated: 2026-05-06T20:42:43.983Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T19:16:40.073

Modified: 2026-05-06T23:39:24.603

Link: CVE-2026-7918

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-05T00:00:00Z

Links: CVE-2026-7918 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T04:30:17Z

Weaknesses