Severity by source
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free condition in the FullScreen component. Rated High severity by Chromium with a CVSS of 8.3, the flaw requires user interaction and high attack complexity, and no public exploit identified at time of analysis. The vendor has issued a stable channel update addressing the issue.
Technical ContextAI
The vulnerability is a CWE-416 (Use-After-Free) memory corruption bug located in the FullScreen subsystem of Chromium, the browser engine underlying Google Chrome. Use-after-free occurs when memory is referenced after it has been deallocated, allowing an attacker to manipulate freed memory regions to corrupt object state, hijack virtual function calls, or achieve arbitrary read/write primitives. In Chrome's multi-process architecture, the renderer process is sandboxed via Windows job objects and integrity levels to contain web content, so a UAF in browser-process code reachable from the renderer (such as the FullScreen IPC surface) becomes a privileged-boundary bug usable as the second stage of a full sandbox escape chain.
RemediationAI
Upgrade Google Chrome on Windows to version 149.0.7827.53 or later via the Stable channel update referenced in the Chrome Releases advisory (https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html); enterprise administrators should push the update through Group Policy, Chrome Browser Cloud Management, or their endpoint management platform and force a browser restart to apply the patch. If immediate patching is not possible, compensating controls include disabling the Fullscreen API via the FullscreenAllowedForUrls / DefaultFullscreenSetting enterprise policies (trade-off: breaks legitimate video, presentation, and game web apps), restricting browsing to a strict allowlist of trusted sites, and enforcing Site Isolation plus the Windows renderer App Container sandbox (already default in modern Chrome) to raise the cost of the prerequisite renderer compromise. Users of downstream Chromium browsers should watch for and apply their vendor's corresponding security update; the Chromium issue tracker entry at https://issues.chromium.org/issues/505045913 may remain access-restricted until broad patch deployment.
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34357
GHSA-whc8-7pcg-p626