Skip to main content

Google Chrome CVE-2026-13027

| EUVDEUVD-2026-39042 HIGH
Use After Free (CWE-416)
2026-06-24 Chrome GHSA-4mp6-2r26-5pw4
8.8
CVSS 3.1 · Vendor: Chrome
Share

Severity by source

Vendor (Chrome) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Triggered by visiting a malicious page so AV:N/UI:R/PR:N/AC:L; use-after-free can yield renderer code execution giving high C/I/A, scope unchanged within the sandboxed process.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Red Hat
8.8 HIGH
qualitative

Primary rating from Vendor (Chrome).

CVSS VectorVendor: Chrome

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 24, 2026 - 21:32 vuln.today
CVSS changed
Jun 24, 2026 - 20:22 NVD
8.8 (HIGH)
CVE Published
Jun 24, 2026 - 18:43 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 24, 2026 - 18:43 cve.org
HIGH 8.8

DescriptionCVE.org

Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Renderer-side heap corruption in Google Chrome's FileSystem component (versions prior to 149.0.7827.197) lets a remote attacker who lures a victim to a crafted HTML page trigger a use-after-free, potentially leading to arbitrary code execution within the renderer. Rated High severity by Chromium with a CVSS of 8.8; no public exploit identified at time of analysis, and CISA's SSVC framework currently records exploitation status as 'none'. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure victim to crafted HTML page
Delivery
JavaScript drives FileSystem API
Exploit
Trigger use-after-free, free live object
Execution
Reclaim freed heap allocation
Persist
Corrupt heap and hijack control flow
Impact
Execute code in renderer process

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to actively open or be redirected to an attacker-controlled HTML page in a vulnerable Chrome build (prior to 149.0.7827.197) - this user interaction (UI:R) is the primary limiting factor; the bug cannot be triggered remotely without the user loading attacker content. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are moderately concordant toward a standard-priority browser bug rather than an emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a crafted HTML page that drives the FileSystem API to free and then reuse a heap object, and lures a victim - via phishing link, malicious ad, or compromised site - to open it in an unpatched Chrome. The use-after-free corrupts the heap and, if reliably groomed, yields code execution in the victim's renderer process, from which the attacker would typically chain a sandbox escape to reach the host. …
Remediation Vendor-released patch: update Google Chrome to 149.0.7827.197 or later on the Stable channel; on managed fleets, force the browser relaunch so the patched binary is loaded rather than relying on the next user-initiated restart. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Assess Chrome deployment scope and activate update mechanism. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Share

CVE-2026-13027 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy