Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
AnalysisAI
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in ANGLE, the graphics abstraction layer that translates OpenGL ES calls to native GPU APIs. A remote attacker who lures a user into visiting a crafted HTML page can execute arbitrary code within the renderer sandbox, with Chromium rating the severity as Critical. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Technical ContextAI
ANGLE (Almost Native Graphics Layer Engine) is the abstraction library Chrome uses to translate WebGL and other OpenGL ES API calls into the underlying graphics backend (Direct3D on Windows, Metal on macOS, Vulkan/OpenGL on Linux). The CWE-416 use-after-free root cause indicates that ANGLE retains and dereferences a pointer to a graphics resource (such as a texture, buffer, or context object) after its memory has been freed, allowing an attacker who controls the heap layout via crafted WebGL shaders or draw calls to substitute attacker-controlled data at that location. The CPE entry cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* indicates all Chrome variants are in scope where ANGLE/WebGL is enabled, which is the default across desktop platforms.
RemediationAI
Vendor-released patch: update Google Chrome to 148.0.7778.216 or later via the Chrome Releases advisory at https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html; the Chromium issue tracker entry is at https://issues.chromium.org/issues/499054245. Enterprise administrators should push the update through Chrome Browser Cloud Management or Group Policy and verify via chrome://settings/help. If immediate patching is not feasible, disabling hardware acceleration (chrome://settings/system → Use graphics acceleration when available) reduces ANGLE attack surface for WebGL workloads at the cost of slower video/graphics performance and broken WebGL apps; alternatively, enforce strict site isolation and block WebGL via the URLBlocklist or HardwareAccelerationModeEnabled enterprise policy, which will break legitimate 3D web content. Downstream Chromium browsers (Edge, Brave, Opera) should be updated as their vendors ship the merged fix.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, a
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, do
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33173
GHSA-54q4-ch9p-5885