Description
Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-05-14
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in Chrome’s UI side chain triggers when native objects in the renderer process are freed incorrectly, allowing a malicious page to access memory that has already been released. The attacker can then use this condition to escape the renderer sandbox via a crafted HTML page. The flaw is a classic example of CWE‑416, where a null or dangling pointer is dereferenced after free, and it also maps to CWE‑825, which denotes information exposure through unintended memory disclosure after use‑after‑free.

Affected Systems

Google Chrome versions prior to 148.0.7778.168. Any user running a pre‑update Chrome may be vulnerable if their renderer process can be compromised by a crafted HTML page.

Risk and Exploitability

The CVE has a CVSS score of 8.3, indicating a high‑severity issue. EPSS data is not available and the vulnerability is not yet in the CISA KEV catalog. Exploitation requires the attacker to have already compromised the renderer process, after which a sandbox escape becomes possible. Based on the description, it is inferred that attackers could deliver malicious content via a crafted HTML page served from an untrusted site. The use‑after‑free flaw also falls under CWE‑825, potentially exposing sensitive data from the renderer process during the escape. The lack of an EPSS score or KEV status does not diminish the risk if the vulnerability is exploited in the wild.

Generated by OpenCVE AI on May 15, 2026 at 13:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to a version at or above 148.0.7778.168, which contains a safe‑free fix for the renderer UI.
  • Enable or maintain automatic Chrome updates to ensure future patches are applied without manual intervention.
  • Limit execution of untrusted content by disabling or restricting legacy plugin support and preventing elevated privileges for content loaded through HTML files.



Advisories
Source: Debian DSA
ID: DSA-6273-1
Title: chromium security update
History

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: chromium-browser: Use after free in UI
Weaknesses CWE-825
References
Metrics threat_severity None (removed); threat_severity Moderate (added)


Fri, 15 May 2026 00:00:00 +0000

Type Values Removed Values Added
Title Use After Free in Chrome Renderer Allows Sandbox Escape

Thu, 14 May 2026 22:15:00 +0000

Type Values Removed Values Added
Title Use After Free in Chrome Renderer Allows Sandbox Escape
First Time appeared Google; Google chrome
Vendors & Products Google; Google chrome

Thu, 14 May 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1 {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 14 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-416
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-15T03:57:13.106Z

Reserved: 2026-05-14T05:40:25.587Z

Link: CVE-2026-8575

Vulnrichment

Updated: 2026-05-14T21:03:49.555Z

NVD

Status: Awaiting Analysis

Published: 2026-05-14T20:17:19.863

Modified: 2026-05-14T22:16:51.050

Link: CVE-2026-8575

Redhat

Severity: Moderate

Public Date: 2026-05-14T19:52:39Z

Links: CVE-2026-8575 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-15T14:00:21Z

Weaknesses