Description
Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-20
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free bug in the GPU path of Google Chrome on Windows versions prior to 148.0.7778.179 allows a remote attacker to run arbitrary code inside the browser’s sandbox by delivering a specially crafted HTML page. The flaw is a classic use‑after‑free (CWE‑416) that can escape the sandbox if triggered, potentially giving the attacker full control over the host system, compromising confidentiality, integrity, and availability. The issue also involves an unsafe API misuse (CWE‑825) that exacerbates the risk by allowing improper handling of resources.

Affected Systems

Google Chrome running on Windows, any build earlier than 148.0.7778.179, including the 148.0.7778.x series before the 179 release.

Risk and Exploitability

An EPSS score of < 1% indicates a very low but nonzero exploitation probability, but Chromium labels the issue as high severity with a CVSS score of 8.8, indicating a strong likelihood of exploitation if a suitable trigger is provided. The vulnerability can be triggered remotely via a malicious web page, which means an active or compromised site can act as a vector. The flaw is not listed in CISA’s KEV catalog, and no public exploit has been documented, but the attack surface remains significant given the wide user base of Chrome.

Generated by OpenCVE AI on May 29, 2026 at 03:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 148.0.7778.179 or newer to apply the vendor fix
  • If an immediate upgrade is not possible, apply a temporary workaround by disabling GPU acceleration (e.g., start Chrome with the flag --disable-gpu or set the flag in chrome://flags) to eliminate the exploited code path
  • Verify that Chrome’s sandboxing features are enabled and that the ‘site isolation’ setting is active to maintain isolation between processes

Generated by OpenCVE AI on May 29, 2026 at 03:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6287-1 chromium security update
History

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Title chromium-browser: Use after free in GPU
Weaknesses CWE-825
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 21 May 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Wed, 20 May 2026 21:45:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome GPU Path Allows Remote Code Execution via Crafted HTML
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 20 May 2026 21:00:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome GPU Path Allows Remote Code Execution via Crafted HTML

Wed, 20 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 20 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-21T03:55:45.277Z

Reserved: 2026-05-20T17:39:20.630Z

Link: CVE-2026-9112

cve-icon Vulnrichment

Updated: 2026-05-20T19:42:35.318Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-20T20:16:42.043

Modified: 2026-05-21T16:56:43.173

Link: CVE-2026-9112

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-19T00:00:00Z

Links: CVE-2026-9112 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T04:00:13Z

Weaknesses