Description
Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a use-after-free in the WebGL component of Google Chrome. A remote attacker who has already compromised the renderer process can trigger a reference to freed memory via a specially crafted HTML page, potentially allowing a sandbox escape. Chromium rates the severity as High, and the record classifies the weakness as a use after free (CWE-416) and an expired pointer dereference (CWE-825).

Affected Systems

All releases of Google Chrome older than 148.0.7778.216 are affected. The fix was included in that version.

Risk and Exploitability

The CVSS score is 8.3, indicating a high risk. Exploitation requires an initial compromise of the renderer process, which is already a significant foothold. The likely attack vector is a malicious web page that delivers the crafted content. The EPSS score is < 1%, and the vulnerability is not listed in CISA's KEV catalog, indicating no confirmed exploitation at this time.

Generated by OpenCVE AI on May 29, 2026 at 16:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to 148.0.7778.216 or newer.
  • If an update cannot be applied immediately, disable WebGL in chrome://flags/#disable-webgl or block untrusted sites from using WebGL.
  • Employ site isolation and enforce strict Content Security Policy to limit the exposure of renderer processes to untrusted content.



Advisories

No advisories yet.

History

Fri, 29 May 2026 15:30:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values Added: cvssV3_1 {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}


Fri, 29 May 2026 12:15:00 +0000

Type: Title
Values Removed: Use‑After‑Free in WebGL Allows Sandbox Escape in Google Chrome
Values Added: chromium-browser: Use after free in WebGL

Type: Weaknesses
Values Added: CWE-825

Type: References

Type: Metrics
Values Removed: threat_severity None
Values Added: cvssV3_1 {'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}
Values Added: threat_severity Important


Fri, 29 May 2026 01:45:00 +0000

Type: Title
Values Added: Use‑After‑Free in WebGL Allows Sandbox Escape in Google Chrome

Fri, 29 May 2026 01:30:00 +0000

Type: First Time appeared
Values Added: Google; Google chrome

Type: Vendors & Products
Values Added: Google; Google chrome

Thu, 28 May 2026 22:45:00 +0000

Type: Description
Values Added: Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Type: Weaknesses
Values Added: CWE-416

Type: References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-30T03:56:19.660Z

Reserved: 2026-05-28T17:25:04.674Z

Link: CVE-2026-9970

Vulnrichment

Updated: 2026-05-29T14:37:47.744Z

NVD

Status: Undergoing Analysis

Published: 2026-05-28T23:16:55.213

Modified: 2026-05-29T15:16:26.693

Link: CVE-2026-9970

Red Hat

Severity: Important

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9970 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-29T16:45:03Z

Weaknesses