Skip to main content

Google Chrome CVE-2026-13831

| EUVDEUVD-2026-40517 HIGH
Use After Free (CWE-416)
2026-06-30 chrome-cve-admin@google.com GHSA-96qm-pj77-hp32
7.5
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
7.5 HIGH
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.5 HIGH

AC:H and UI:R reflect the required prior renderer compromise plus victim page load; S:U because code stays within the GPU sandbox; C/I/A:H for total impact on the affected component.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
HIGH
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 16:32 vuln.today
CVSS changed
Jul 01, 2026 - 14:22 NVD
7.5 (HIGH)
CVE Published
Jun 30, 2026 - 23:16 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 30, 2026 - 23:16 cve.org
HIGH 7.5

DescriptionCVE.org

Out of bounds read and write in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Out-of-bounds read/write (use-after-free) in Google Chrome's GPU component lets a remote attacker who has already compromised the renderer process run arbitrary code - though still confined inside the sandbox - by serving a crafted HTML page to a Chrome build prior to 150.0.7871.47. Google rates the Chromium severity High and has shipped a fixed Stable-channel build; there is no public exploit identified at time of analysis and EPSS puts near-term exploitation probability at just 0.26%.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Compromise renderer process via separate bug
Delivery
Serve crafted HTML page
Exploit
Trigger GPU use-after-free (OOB read/write)
Execution
Corrupt GPU memory and hijack execution
Impact
Run arbitrary code inside GPU sandbox

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to have already compromised Chrome's renderer process (an explicit precondition in the CVE text - this is a chained, second-stage bug, not a standalone remote entry point), and to deliver a crafted HTML page to a Chrome build earlier than 150.0.7871.47. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals point to a serious-but-not-emergency issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already exploited a separate renderer bug (or lured a victim to a malicious site that provides one) serves a crafted HTML page that drives the GPU process into the freed-memory condition, corrupting GPU memory to execute code within the GPU sandbox as a stepping stone toward a fuller sandbox escape. No public exploit is identified at time of analysis, and the high attack complexity plus required renderer foothold make this a chained, targeted operation rather than a drive-by.
Remediation Vendor-released patch: update Google Chrome to 150.0.7871.47 or later via the Stable channel (Settings → About Chrome to force the update, then relaunch), per Google's advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Notify security teams and inventory current Chrome versions in use across the organization. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-13831 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy