Description
Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-05-20
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free bug in the DOM implementation of Google Chrome. A malicious web page can trigger a memory deallocation error that allows the attacker to execute arbitrary code inside the browser’s sandbox. Because the code runs with sandbox privileges, the attacker can compromise the sandbox environment and potentially elevate privileges, exfiltrate data, or pivot to other parts of the system, depending on other system defenses.

Affected Systems

Google Chrome is affected in all releases prior to version 148.0.7778.179. The issue resides in the core DOM engine, so any Chrome installation that has not yet applied the 148.0.7778.179 fix is vulnerable, across Windows, macOS, Linux, Android, and other platforms via the stable channel.

Risk and Exploitability

The bug allows a remote attacker to exploit vulnerable Chrome by serving a specially crafted HTML page, which can be hosted under attacker control or delivered through phishing. Exploitation requires the user to load or render the malicious page. Chromium rates the severity as Medium, no EPSS score is currently available, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score is 8.8, and the need for user interaction and sandbox containment reduces risk, yet arbitrary code execution inside the browser demands a high priority response.

Generated by OpenCVE AI on May 20, 2026 at 21:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 148.0.7778.179 or later.
  • If an update is impossible, disable the affected functionality through browser settings or policy overrides, if available.
  • Enable automatic updates on all Chrome installations to receive future security patches as soon as they are released.

Generated by OpenCVE AI on May 20, 2026 at 21:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 20 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 20 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-21T03:55:50.944Z

Reserved: 2026-05-20T17:47:38.981Z

Link: CVE-2026-9126

cve-icon Vulnrichment

Updated: 2026-05-20T19:35:13.851Z

cve-icon NVD

Status : Received

Published: 2026-05-20T20:16:45.540

Modified: 2026-05-20T20:16:45.540

Link: CVE-2026-9126

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T21:45:40Z

Weaknesses