Description
Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-06
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free in the GPU code path of Chrome before 148.0.7778.96 that can allow a remote attacker, once the renderer process is compromised, to escape its sandbox via a maliciously crafted HTML page. The flaw originates from improper memory handling in the graphics pipeline, identified as a memory safety issue CWE‑416. If exploited, the attacker could elevate privileges within the render process, potentially leading to execution of arbitrary code on the host. Based on the description, it is inferred that this privilege escalation can compromise the host operating system.

Affected Systems

Affects any Chrome desktop build older than 148.0.7778.96, regardless of operating system, because the GPU component is common across platforms. Users running legacy versions must verify and update to a fixed release.

Risk and Exploitability

The risk is significant; with a CVSS score of 8.3, the vulnerability is considered high severity. Attack requires a compromised renderer process, which can arise from malicious web pages or compromised extensions. The exploit would need to trigger the use‑after‑free through a crafted page, making a malicious website or drive‑by attack a likely vector. The likely attack vector is a malicious website that supplies a crafted HTML page to trigger the use‑after‑free. While publicly known exploits are not yet available, the potential impact warrants immediate action.

Generated by OpenCVE AI on May 7, 2026 at 00:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Chrome update that includes version 148.0.7778.96 or newer, which contains the GPU use‑after‑free fix.
  • If an update cannot be applied immediately, launch Chrome with the --disable-gpu flag or use software rendering to avoid the vulnerable GPU code path.
  • Consider running Chrome in a separate container or using strict sandboxing settings to limit the impact of a potential escape until the patch is applied.

Generated by OpenCVE AI on May 7, 2026 at 00:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6250-1 chromium security update
History

Thu, 07 May 2026 00:45:00 +0000

Type Values Removed Values Added
Title GPU Use‑After‑Free Leading to Sandbox Escape in Chrome Before 148.0.7778.96

Wed, 06 May 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Wed, 06 May 2026 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 06 May 2026 22:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Wed, 06 May 2026 21:15:00 +0000

Type Values Removed Values Added
Title GPU Use‑After‑Free Leading to Sandbox Escape in Chrome Before 148.0.7778.96

Wed, 06 May 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 06 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-07T03:56:46.916Z

Reserved: 2026-05-05T22:59:08.993Z

Link: CVE-2026-7918

cve-icon Vulnrichment

Updated: 2026-05-06T20:42:43.983Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T19:16:40.073

Modified: 2026-05-06T23:39:24.603

Link: CVE-2026-7918

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T00:30:12Z

Weaknesses