Description
Use after free in Views in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic use-after-free flaw located in the Views component of Google Chrome on macOS. When an attacker who has already compromised the renderer process causes Views code to access memory after it has been freed, the browser can act on invalid data. This behavior can be exploited to break the sandbox and gain arbitrary code execution on the host. The weakness maps to CWE-416 and CWE-825, a memory safety defect that directly threatens the confidentiality and integrity of the system.

Affected Systems

Google Chrome for macOS versions earlier than 148.0.7778.216 are affected. The flaw is in the Views component and is reached by an attacker who has already compromised the renderer process; the description lists it for Chrome on Mac only. No other platforms or browser versions are listed.

Risk and Exploitability

The defect is rated as high severity by Chromium and has a CVSS score of 9.0. The EPSS score is 0.00035, indicating a very low probability of exploitation. The issue is not listed in CISA’s KEV catalog, so no widespread exploitation has been reported. The likely attack vector is a remote attacker delivering a crafted HTML page to a user running an affected version of Chrome. The attacker must first compromise the renderer process, then trigger the use‑after‑free to escape the sandbox. The impact is full control of the user’s system from within the browser environment.

Generated by OpenCVE AI on May 29, 2026 at 15:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 148.0.7778.216 or newer
  • If upgrading is not immediately possible, restrict the renderer process to no network or file system access through group policy or configuration changes to the sandbox
  • Ensure that users run the latest macOS security updates and enable Gatekeeper to prevent execution of non‑verified code


Advisories

No advisories yet.

History

Fri, 29 May 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Fri, 29 May 2026 16:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | cvssV3_1 {'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'} | cvssV3_1 {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'} |

Fri, 29 May 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | Use After Free in Chrome Views Leading to Sandbox Escape on macOS | chromium-browser: Use after free in Views |
| Weaknesses | | CWE-825 |
| References | | |
| Metrics | threat_severity None | cvssV3_1 {'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}; threat_severity Important |

Fri, 29 May 2026 01:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Google; Google chrome |
| Vendors & Products | | Google; Google chrome |

Fri, 29 May 2026 00:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Use After Free in Chrome Views Leading to Sandbox Escape on macOS |

Thu, 28 May 2026 22:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Use after free in Views in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| Weaknesses | | CWE-416 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T15:02:38.551Z

Reserved: 2026-05-28T17:24:57.938Z

Link: CVE-2026-9948

Vulnrichment

Updated: 2026-05-29T15:02:33.189Z

NVD

Status: Undergoing Analysis

Published: 2026-05-28T23:16:52.940

Modified: 2026-05-29T16:16:38.833

Link: CVE-2026-9948

Red Hat

Severity: Important

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9948 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T15:45:16Z

Weaknesses