Description
Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Published: 2026-05-28
Score: 9.6 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Use after free in the Base module of Google Chrome on macOS prior to 148.0.7778.216 can be triggered by a maliciously crafted HTML page. The vulnerability may allow a sandbox escape, giving the attacker the ability to run code with elevated privileges; this inference is drawn from the description and aligns with the identified weaknesses CWE-416 and CWE-825.

Affected Systems

All users running Google Chrome on macOS before version 148.0.7778.216 are vulnerable. The flaw affects the base component of the browser, which is common across all Chrome builds for macOS.

Risk and Exploitability

The CVSS score of 9.6 marks the vulnerability as critical. The EPSS score is < 1%, indicating a very low but nonzero exploitation probability, and it is not listed in the CISA KEV catalog. The likely attack vector is remote, requiring only that the victim view a specially crafted HTML page—a detail inferred from the description. If the use‑after‑free is reached, the sandbox can be bypassed, potentially allowing the attacker to execute arbitrary code. Given the severity and ease of delivery, the risk remains high and immediate remediation is advisable.

Generated by OpenCVE AI on May 29, 2026 at 16:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 148.0.7778.216 or later. This patch removes the vulnerable use‑after‑free path and restores proper sandbox isolation.
  • Restart the browser after the update to ensure the new binaries are loaded.
  • Keep the operating system and other security updates up to date to reinforce sandbox boundaries and limit exploit impact.


Advisories

No advisories yet.

History

Fri, 29 May 2026 15:30:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values Added: cvssV3_1 {'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}


Fri, 29 May 2026 12:15:00 +0000

Type: Title
Values Removed: Chrome Base Use‑After‑Free Allows Sandbox Escape via Malicious HTML on macOS
Values Added: chromium-browser: Use after free in Base

Type: Weaknesses
Values Added: CWE-825

Type: References

Type: Metrics
Values Removed: threat_severity None
Values Added: cvssV3_1 {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N'}
Values Added: threat_severity Critical


Fri, 29 May 2026 01:00:00 +0000

Type: Title
Values Added: Chrome Base Use‑After‑Free Allows Sandbox Escape via Malicious HTML on macOS

Fri, 29 May 2026 00:00:00 +0000

Type: First Time appeared
Values Added: Google; Google chrome

Type: Vendors & Products
Values Added: Google; Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type: Description
Values Added: Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Type: Weaknesses
Values Added: CWE-416

Type: References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-30T03:56:38.662Z

Reserved: 2026-05-28T17:24:43.676Z

Link: CVE-2026-9886

Vulnrichment

Updated: 2026-05-29T14:56:00.932Z

NVD

Status: Undergoing Analysis

Published: 2026-05-28T23:16:46.587

Modified: 2026-05-29T16:16:34.787

Link: CVE-2026-9886

Redhat

Severity: Critical

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9886 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T17:00:04Z

Weaknesses