Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Medium)
AnalysisAI
Remote heap corruption in Google Chrome prior to 149.0.7827.53 allows attackers to exploit a use-after-free condition in the Network component via crafted network traffic when a user visits or interacts with attacker-controlled content. Rated CVSS 8.8 with a patch available from Google, though EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit has been identified at time of analysis.
Technical ContextAI
The flaw is a CWE-416 Use-After-Free in Chrome's Network stack, the subsystem that handles HTTP(S), socket, and protocol-level traffic within the Chromium multi-process architecture. Use-after-free bugs occur when memory is freed but a dangling pointer remains accessible, allowing later reads/writes to reference attacker-controllable heap state; in a browser's network code this can be reached by manipulating response sequencing, connection lifecycle, or protocol parsing. Chromium classifies this internally as Medium severity, but the resulting heap corruption is the standard primitive used to chain into renderer or network-process compromise. Affected component is tracked under Chromium issue 497722502.
RemediationAI
Vendor-released patch: upgrade Google Chrome to 149.0.7827.53 or later via the Stable channel update documented at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html; managed environments should push the update through Chrome Browser Cloud Management, Group Policy, or MDM and force-restart browsers to apply it. Downstream Chromium-based browser users should install the corresponding vendor release once their project rebases on the patched Chromium. Until patching is complete, compensating controls include restricting browsing to trusted destinations via enterprise web filtering, disabling preloading/prefetch features that increase exposure to attacker-controlled connections (at the cost of perceived performance), and enabling Site Isolation and the Network Service sandbox where not already on (negligible side effect). Track the Chromium issue at https://issues.chromium.org/issues/497722502 for additional detail as it becomes public.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, a
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, do
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: Important| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34479
GHSA-jj3v-p7gf-2xfj