Skip to main content

Google Chrome CVE-2026-10943

| EUVDEUVD-2026-34392 HIGH
Use After Free (CWE-416)
2026-06-04 chrome-cve-admin@google.com GHSA-m7mg-gg49-xp87
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
8.8 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 05, 2026 - 02:46 vuln.today
CVSS changed
Jun 05, 2026 - 02:22 NVD
8.8 (HIGH)
CVE Published
Jun 04, 2026 - 23:16 nvd
HIGH 8.8
CVE Published
Jun 04, 2026 - 23:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component that allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page. Exploitation requires user interaction (UI:R) such as visiting a malicious site, and while no public exploit has been identified at time of analysis, Google rates the underlying Chromium severity as High and a vendor patch is available.

Technical ContextAI

The vulnerability resides in WebRTC (Web Real-Time Communication), the open-source framework Chromium uses to power peer-to-peer audio, video, and data-channel communication in the browser. CWE-416 (Use After Free) indicates that WebRTC retains and dereferences a pointer to memory that has already been freed, enabling an attacker to influence the contents of that memory region and gain control over program flow. Because WebRTC code runs inside the Chrome renderer process, successful exploitation yields code execution constrained by Chrome's sandbox, which is why the description explicitly notes execution occurs 'inside a sandbox' rather than at the OS level - a full compromise would require chaining a separate sandbox escape.

RemediationAI

Vendor-released patch: Google Chrome 149.0.7827.53 - upgrade Chrome on all desktop endpoints to this version or later via the Stable channel update referenced at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html, and ensure managed deployments (enterprise MSI, Chrome Browser Cloud Management, MDM-pushed configurations) roll out promptly. Operators of Chromium-derived browsers should track and apply their vendor's corresponding respin once published. If patching cannot be completed immediately, a tactical compensating control is to disable WebRTC functionality via enterprise policy (for example the WebRtcUdpPortRange / URLBlocklist patterns or extensions such as 'WebRTC Network Limiter'), accepting the side effect that this breaks Google Meet, Microsoft Teams web client, Zoom web, Discord voice/video, and other RTC-dependent web apps. Network-level mitigation by blocking STUN/TURN egress reduces but does not eliminate exposure because the UAF triggers on parsing of attacker-controlled content before media negotiation completes.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-10943 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy