Description
Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-06
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Use‑after‑free in the MediaRecording component in Google Chrome before 148.0.7778.96 can be triggered by a crafted HTML page. A remote attacker can persuade a user to perform specific UI gestures, causing the application to reference freed memory and execute arbitrary code.

Affected Systems

Google Chrome, versions earlier than 148.0.7778.96. The vulnerability affects users who load a malicious webpage and interact with the page’s UI.

Risk and Exploitability

The flaw is a high‑severity use‑after‑free (CWE‑416) with a CVSS score of 7.5, enabling remote code execution. Exploitation requires the victim to visit a malicious site and perform specific gestures, a precondition that makes exploitation infrequent but still viable. EPSS is not available and the issue is not listed in the CISA KEV catalog, but the severity indicates significant risk when the conditions are met.

Generated by OpenCVE AI on May 7, 2026 at 01:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 148.0.7778.96 or later via the latest stable channel release
  • Configure Chrome’s policy for Media Recording to block or disable the feature in environments where the latest update cannot be installed immediately
  • Verify that the browser is set to automatically enforce Safe Browsing, which can help block malicious sites attempting to exploit UI gestures



Advisories
Source | ID | Title
Debian DSA | DSA-6250-1 | chromium security update
History

Thu, 07 May 2026 01:30:00 +0000

Type Values Removed Values Added
Title Use-After-Free in MediaRecording Allows Remote Code Execution via Crafted Webpage

Wed, 06 May 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Wed, 06 May 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 06 May 2026 21:00:00 +0000

Type Values Removed Values Added
Title Use-After-Free in MediaRecording Allows Remote Code Execution via Crafted Webpage

Wed, 06 May 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 06 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-07T03:56:29.914Z

Reserved: 2026-05-05T22:59:11.951Z

Link: CVE-2026-7929

Vulnrichment

Updated: 2026-05-06T20:10:32.835Z

NVD

Status: Analyzed

Published: 2026-05-06T19:16:41.240

Modified: 2026-05-06T23:37:01.770

Link: CVE-2026-7929

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T01:15:17Z

Weaknesses