Skip to main content

Google Chrome EUVDEUVD-2026-34405

| CVE-2026-10956 HIGH
Use After Free (CWE-416)
2026-06-04 chrome-cve-admin@google.com GHSA-qjrm-w88w-xv67
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
8.8 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 05, 2026 - 02:50 vuln.today
CVSS changed
Jun 05, 2026 - 02:22 NVD
8.8 (HIGH)
CVE Published
Jun 04, 2026 - 23:16 nvd
HIGH 8.8
CVE Published
Jun 04, 2026 - 23:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Sandboxed remote code execution in Google Chrome before 149.0.7827.53 stems from a use-after-free flaw in the MimeHandlerView component, exploitable when a victim visits a crafted HTML page. Chromium rates the issue High severity and CVSS 8.8 reflects network-reachable exploitation with user interaction; no public exploit identified at time of analysis, and the bug is not on the CISA KEV list.

Technical ContextAI

MimeHandlerView is the Chromium subsystem that hosts embedded MIME handlers (such as the PDF and other stream-extension viewers) inside guest views, mediating between the renderer process and plugin-like components. CWE-416 (Use After Free) here means an object referenced by MimeHandlerView is freed while a dangling pointer remains reachable, and subsequent operations dereference that freed memory - typically corrupting the heap and yielding attacker-controlled control flow. Because MimeHandlerView straddles the renderer and the embedder, memory corruption here is reachable from web content but the resulting execution remains inside Chrome's renderer sandbox unless chained with a sandbox escape.

RemediationAI

Vendor-released patch: Google Chrome 149.0.7827.53 - upgrade Chrome Stable to 149.0.7827.53 or later on Windows, macOS, and Linux per the Chrome Releases Stable Channel Update at http://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html, and verify with chrome://settings/help so the renderer is restarted. For managed fleets, push the update via your endpoint management or Chrome Browser Cloud Management policy and confirm devices have relaunched. As a compensating control until patching completes, restrict navigation to untrusted sites via web proxy/URL filtering and consider temporarily disabling the PDF viewer through the AlwaysOpenPdfExternally enterprise policy to reduce MimeHandlerView exposure - note this changes user workflow by forcing downloads, and does not eliminate other MimeHandlerView entry points. Chromium-based browser users should apply their vendor's equivalent build that incorporates the upstream fix tracked at https://issues.chromium.org/issues/506375731.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed

Share

EUVD-2026-34405 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy