Description
Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free bug in Chrome’s Web App Installs component can corrupt heap memory when a user performs specific UI gestures on a crafted web page. This memory corruption may lead to unpredictable execution paths, potentially allowing an attacker to run arbitrary code or crash the browser.

Affected Systems

The flaw affects Google Chrome for macOS versions earlier than 148.0.7778.216. Users running any stable build before that release are vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.5 and a very low EPSS (<1%), indicating rare real‑world exploitation. It is not listed in the CISA KEV catalog. Exploitation requires a remote attacker to deliver a malicious page that induces user interaction through specific UI gestures, implying a social engineering component rather than a purely silent attack.

Generated by OpenCVE AI on May 29, 2026 at 21:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Chrome update to version 148.0.7778.216 or later as soon as possible.
  • Disable the Web App Installs feature through Chrome policies or user settings if an immediate update cannot be applied.
  • Educate users about avoiding unfamiliar web pages that request unusual UI gestures, and monitor crash logs for heap corruption indicators.

Generated by OpenCVE AI on May 29, 2026 at 21:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6316-1 chromium security update
History

Mon, 01 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Fri, 29 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome Web App Installs Leads to Heap Corruption on macOS chromium-browser: Use after free in WebAppInstalls
Weaknesses CWE-825
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Important

Fri, 29 May 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 29 May 2026 00:45:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome Web App Installs Leads to Heap Corruption on macOS

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Apple Macos
Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-30T03:57:34.957Z

Reserved: 2026-05-28T17:25:09.109Z

Link: CVE-2026-9990

cve-icon Vulnrichment

Updated: 2026-05-29T17:59:58.751Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T23:16:57.233

Modified: 2026-06-01T18:15:58.320

Link: CVE-2026-9990

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9990 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T21:30:06Z

Weaknesses