Severity by source
Sources disagree (Low–Critical)AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
AnalysisAI
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a use-after-free flaw in the Input component when a victim visits a crafted HTML page. The CVSS score of 9.6 reflects the scope change inherent to sandbox escapes, though Chromium rated the underlying severity as Low and EPSS estimates exploitation probability at only 0.03%. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
Technical ContextAI
The vulnerability is a CWE-416 Use-After-Free in Chrome's Input subsystem, which handles keyboard, mouse, touch, and pointer event dispatch within Blink and the browser process. Use-after-free bugs in this surface typically arise when an Input object's lifetime is not correctly tied to its referencing handler, allowing memory to be reclaimed and re-allocated for attacker-controlled data before the dangling pointer is dereferenced. Because the CVSS vector includes S:C (scope changed), the bug enables crossing the renderer/browser trust boundary - i.e., a sandbox escape - which is consistent with the 'Input' surface being reachable across processes. Affected builds correspond to all Chrome desktop versions before 149.0.7827.53 (per the EUVD record EUVD-2026-34754).
RemediationAI
Vendor-released patch: Google Chrome 149.0.7827.53 on the Stable channel - upgrade all desktop installs by allowing the auto-updater to apply the build or by forcing an update via chrome://settings/help, then restart the browser to complete activation; verify per the Chrome Releases advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html. Enterprises managing Chrome via policy should push the new pinned version through their MDM/GPO channel and confirm fleet compliance. For downstream Chromium browsers (Edge, Brave, Opera, Vivaldi) and Electron-based apps, update to the vendor build that incorporates the equivalent Chromium fix. As a temporary compensating control until the update lands, restrict users to trusted sites via SafeSites/URL allowlists or enable Enhanced Safe Browsing - these reduce exposure to malicious HTML payloads but do not eliminate risk from compromised or ad-served content.
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34754
GHSA-66jg-ppmj-786h