Description
Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free in the GPU module of Google Chrome, identified as CWE‑416 and CWE‑825. It allows a remote attacker who has already compromised the renderer process to direct that process to manipulate freed GPU memory. By delivering a crafted HTML page, the attacker could use this memory reuse to escape the browser sandbox.

Affected Systems

Google Chrome versions before 148.0.7778.216 on all supported operating systems in the stable channel are affected. The bug exists throughout the GPU memory management code integral to the browser’s rendering engine.

Risk and Exploitability

The CVSS score is 8.3, while the EPSS score is less than 1 % and the vulnerability is not listed in CISA KEV, indicating limited current exploitation activity. Exploitation requires an initial renderer sandbox escape, which currently has no publicly documented exploit. The potential impact is sandbox escape, which could enable further attacks should additional vulnerabilities be present.

Generated by OpenCVE AI on May 29, 2026 at 16:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 148.0.7778.216 or later, which patches the GPU use‑after‑free bug.
  • Ensure that automatic updates are enabled for Chrome to receive future security fixes promptly.
  • As a temporary countermeasure, disable hardware acceleration for untrusted web content or apply corporate policies that limit GPU usage for pages from non‑trusted origins to reduce the risk of renderer exploitation.

Generated by OpenCVE AI on May 29, 2026 at 16:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Fri, 29 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome GPU Enables Sandbox Escape chromium-browser: Use after free in GPU
Weaknesses CWE-825
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Important

Fri, 29 May 2026 00:30:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome GPU Enables Sandbox Escape
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T14:43:51.925Z

Reserved: 2026-05-28T17:24:53.877Z

Link: CVE-2026-9931

cve-icon Vulnrichment

Updated: 2026-05-29T14:43:47.714Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T23:16:51.197

Modified: 2026-05-29T17:12:00.247

Link: CVE-2026-9931

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9931 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T16:30:02Z

Weaknesses