Description
Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a use‑after‑free flaw in Chrome’s WebAppInstalls feature on macOS. When a user performs specific UI gestures after opening a crafted HTML page, the browser may free an object and later use it again, corrupting the heap. The corrupted memory could be overwritten with attacker‑controlled data, potentially enabling arbitrary code execution or other malicious actions within the browser context.

Affected Systems

The flaw exists in Google Chrome for macOS versions prior to 148.0.7778.216. Users running an older stable build are susceptible.

Risk and Exploitability

The issue carries a high severity rating, with an EPSS score of < 1% and it is not listed in the CISA KEV catalog. Exploitation requires the attacker to persuade a user to perform certain UI gestures, implying a user‑interaction component. If successful, the heap corruption could lead to arbitrary code execution with the privileges of the browser process.

Generated by OpenCVE AI on May 29, 2026 at 14:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 148.0.7778.216 or later as soon as possible.
  • If an immediate upgrade is not available, disable the Web App Installs feature through Chrome policies or user settings to prevent the vulnerable code path.
  • Implement user awareness training to avoid executing unexpected scripts on unfamiliar pages and monitor browser logs for heap corruption errors.

Generated by OpenCVE AI on May 29, 2026 at 14:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome Web App Installs Leads to Heap Corruption on macOS chromium-browser: Use after free in WebAppInstalls
Weaknesses CWE-825
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Important

Fri, 29 May 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 29 May 2026 00:45:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome Web App Installs Leads to Heap Corruption on macOS

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T18:00:08.283Z

Reserved: 2026-05-28T17:25:09.109Z

Link: CVE-2026-9990

cve-icon Vulnrichment

Updated: 2026-05-29T17:59:58.751Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-28T23:16:57.233

Modified: 2026-05-29T19:16:31.623

Link: CVE-2026-9990

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9990 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:00:17Z

Weaknesses