Description
Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-05-06
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Use‑after‑free vulnerability was found in the Chrome renderer before version 148.0.7778.96. A remote attacker who could compromise the renderer process may craft a malicious HTML page that triggers the misuse of freed memory and causes arbitrary code execution inside the sandboxed environment.

Affected Systems

All installations of Google Chrome with a version older than 148.0.7778.96 are vulnerable. The patch is included in the stable‑channel update released on May 2026 and applies to all desktop platforms.

Risk and Exploitability

The CVSS score is 8.8. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog. The attack requires prior compromise of the renderer, but once achieved it can execute code inside the sandbox, potentially leading to data exposure or privilege escalation within the browser context.

Generated by OpenCVE AI on May 6, 2026 at 23:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Chrome version 148.0.7778.96 or later on all affected machines.
  • Deploy the update automatically across the organization using enterprise update policies.
  • Configure a content‑security‑policy that limits the loading of arbitrary HTML content in renderer processes to reduce the attack surface.

Generated by OpenCVE AI on May 6, 2026 at 23:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 23:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Google
Google chrome
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Google
Google chrome
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Wed, 06 May 2026 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 06 May 2026 22:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Wed, 06 May 2026 21:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome Renderer Allows Code Execution via Crafted HTML

Wed, 06 May 2026 18:30:00 +0000

Type Values Removed Values Added
Description Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-416
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-07T03:55:56.756Z

Reserved: 2026-05-05T22:59:29.383Z

Link: CVE-2026-7991

cve-icon Vulnrichment

Updated: 2026-05-06T18:49:50.991Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T19:16:49.977

Modified: 2026-05-06T23:19:55.290

Link: CVE-2026-7991

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T00:30:12Z

Weaknesses