Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Triggered by visiting a malicious page so AV:N/UI:R/PR:N/AC:L; use-after-free can yield renderer code execution giving high C/I/A, scope unchanged within the sandboxed process.
Primary rating from Vendor (Chrome).
CVSS VectorVendor: Chrome
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Renderer-side heap corruption in Google Chrome's FileSystem component (versions prior to 149.0.7827.197) lets a remote attacker who lures a victim to a crafted HTML page trigger a use-after-free, potentially leading to arbitrary code execution within the renderer. Rated High severity by Chromium with a CVSS of 8.8; no public exploit identified at time of analysis, and CISA's SSVC framework currently records exploitation status as 'none'. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to actively open or be redirected to an attacker-controlled HTML page in a vulnerable Chrome build (prior to 149.0.7827.197) - this user interaction (UI:R) is the primary limiting factor; the bug cannot be triggered remotely without the user loading attacker content. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are moderately concordant toward a standard-priority browser bug rather than an emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a crafted HTML page that drives the FileSystem API to free and then reuse a heap object, and lures a victim - via phishing link, malicious ad, or compromised site - to open it in an unpatched Chrome. The use-after-free corrupts the heap and, if reliably groomed, yields code execution in the victim's renderer process, from which the attacker would typically chain a sandbox escape to reach the host. … |
| Remediation | Vendor-released patch: update Google Chrome to 149.0.7827.197 or later on the Stable channel; on managed fleets, force the browser relaunch so the patched binary is loaded rather than relying on the next user-initiated restart. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Assess Chrome deployment scope and activate update mechanism. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39042
GHSA-4mp6-2r26-5pw4