Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Remote code execution in Google Chrome for Windows versions prior to 148.0.7778.216 stems from a use-after-free condition in the UI component, allowing remote attackers to execute arbitrary code by luring a user to a crafted HTML page. Chromium rated the issue High severity and CVSS 8.8 reflects the network-reachable, low-complexity nature of the bug, tempered only by required user interaction (visiting the malicious page). No public exploit identified at time of analysis and the CVE is not currently listed in CISA KEV.
Technical ContextAI
The flaw is a CWE-416 Use-After-Free in Chrome's UI subsystem on Windows, a class of memory-corruption bug where code continues to reference heap memory after it has been freed, enabling attackers to reclaim that memory with attacker-controlled data and hijack control flow. Chrome's multi-process architecture and sandbox normally contain renderer-side bugs, but UI-layer UAFs frequently sit in the browser process or are reachable in ways that increase impact, which aligns with the High severity rating from Chromium. The CPE cpe:2.3:a:google:chrome confirms the affected product is the Chrome desktop browser, with the EUVD record narrowing the affected build to anything prior to 148.0.7778.216 on Windows as stated in the description.
RemediationAI
Vendor-released patch: Google Chrome 148.0.7778.216 on Windows - update to this version or later via the Chrome Stable Channel as announced at https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html, and verify via chrome://settings/help that Chrome has restarted to apply the fix, since pending updates do not take effect until relaunch. In managed environments, push the update through Chrome Enterprise / Group Policy and force a browser relaunch, and audit for endpoints that have suppressed auto-update. Until patching completes, compensating controls include restricting browsing to known-good sites via web proxy or DNS filtering, enabling Chrome's Site Isolation and Enhanced Safe Browsing (already default in modern Chrome), and steering high-risk users to an alternate browser for untrusted content; these reduce exposure but break general-purpose web use and should be lifted once Chrome 148.0.7778.216 is deployed.
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33126
GHSA-rv3r-pw4j-7p7r