Description
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw, identified as CWE-416, exists in the Core component of Google Chrome on Windows prior to version 148.0.7778.216. The flaw is triggered by a specially crafted HTML page; combined with insufficient privilege checks (CWE-825), it can enable a remote attacker who has already compromised the renderer process to escape Chrome's sandbox. The official Chromium severity classification is High, but the CVE does not indicate unrestricted code execution, only a potential sandbox escape that could allow further compromise of the underlying operating system.

Affected Systems

All Windows users running Google Chrome with a version earlier than 148.0.7778.216 are affected. The vulnerability targets the renderer process component and requires that Windows be the operating system.

Risk and Exploitability

The CVSS score is 8.3, and the EPSS score is < 1%, indicating a very low but non‑zero probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, using a malicious website to deliver the crafted HTML page to a user whose renderer process is already compromised. Because the flaw requires prior renderer compromise to succeed, the overall risk is elevated for users interacting with malicious content but the window for exploitation is limited by both the need for the initial renderer compromise and the low probability indicated by EPSS.

Generated by OpenCVE AI on May 29, 2026 at 16:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 148.0.7778.216 or later.
  • Enable Chrome's Site Isolation policy to enforce cross‑site process isolation, reducing the impact of a compromised renderer.
  • Activate Safe Browsing and ensure the system’s firewall and antivirus are current to detect and block malicious content that might exploit this flaw.

Generated by OpenCVE AI on May 29, 2026 at 16:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Fri, 29 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Use‑after‑free in Core Allows Potential Sandbox Escape via Malicious HTML on Windows chromium-browser: Use after free in Core
Weaknesses CWE-825
References
Metrics threat_severity

None

 cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Important

Fri, 29 May 2026 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 29 May 2026 01:00:00 +0000

Type Values Removed Values Added
Title Use‑after‑free in Core Allows Potential Sandbox Escape via Malicious HTML on Windows

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T14:39:47.532Z

Reserved: 2026-05-28T17:24:58.159Z

Link: CVE-2026-9949

cve-icon Vulnrichment

Updated: 2026-05-29T14:39:43.096Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T23:16:53.050

Modified: 2026-05-29T16:28:25.540

Link: CVE-2026-9949

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9949 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T16:30:02Z

Weaknesses