Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Remote crafted page with no auth (AV:N/PR:N) but requires the victim to open it (UI:R); high memory-corruption impact within the unchanged renderer sandbox scope (S:U).
Primary rating from Vendor (Chrome).
CVSS VectorVendor: Chrome
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Remote code execution in Google Chrome's Blink rendering engine (versions prior to 149.0.7827.197) allows a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium with a CVSS of 8.8; it requires user interaction (visiting a malicious page) but no authentication. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open a crafted HTML page in an unpatched Google Chrome before 149.0.7827.197 - the user-interaction requirement (UI:R) means the attacker must lure the user to attacker-controlled content; it cannot be triggered without that page load. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, 8.8 High) indicates network-reachable, low-complexity exploitation with no privileges but requiring user interaction, and unchanged scope with total impact to confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a malicious web page (or compromises an ad/iframe on a legitimate site) containing crafted HTML and JavaScript that triggers the Blink use-after-free, then entices a victim to visit it via phishing or malvertising. When the page loads in an unpatched Chrome, the dangling pointer is reclaimed with attacker-controlled data, yielding arbitrary code execution within the renderer sandbox. … |
| Remediation | Vendor-released patch: 149.0.7827.197 - update Google Chrome to 149.0.7827.197 or later via the Chrome Releases stable channel update (https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html), then fully relaunch the browser to apply the new build since Chrome only loads the updated binary after a restart. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Issue urgent directive requiring all users to update Google Chrome to version 149.0.7827.197 or later and verify automatic updates are enabled. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39048