Skip to main content

Google Chrome EUVD-2026-35234

| CVE-2026-11634 CRITICAL
Use After Free (CWE-416)
2026-06-09 chrome-cve-admin@google.com GHSA-2h37-qq8x-j923
Google Memory Corruption Use After Free Microsoft Denial Of Service Red Hat Suse
9.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
9.6 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 09, 2026 - 02:54 vuln.today
CVSS changed
Jun 09, 2026 - 02:22 NVD
9.6 (CRITICAL)
CVE Published
Jun 09, 2026 - 00:16 nvd
CRITICAL 9.6
CVE Published
Jun 09, 2026 - 00:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Articles & Coverage 1

News Critical Sandbox Escape via UAF in Google Chrome on Windows - CVE-2026-11634 Jun 09, 2026

AnalysisAI

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows remote attackers to exploit a use-after-free flaw in the Gamepad component via a crafted HTML page, requiring only that a victim visit a malicious site. Chromium rates this Critical severity and the CVSS score of 9.6 reflects scope change (sandbox escape) with high impact across confidentiality, integrity, and availability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure victim to malicious page
Delivery
Deliver crafted HTML/JavaScript
Exploit
Manipulate Gamepad API objects
Execution
Trigger use-after-free in browser process
Persist
Escape renderer sandbox
Impact
Execute code at user privilege
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Victim must visit an attacker-controlled or compromised web page in a vulnerable Chrome build on Windows (UI:R, user interaction required) - no authentication, no special site permissions, and no non-default configuration are needed, since the Gamepad API is exposed to any origin by default and does not require a prompt to enumerate devices. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All signals point to high real-world risk: CVSS 9.6 with AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H captures network-reachable, low-complexity, unauthenticated exploitation that only needs a user to load a page, and the scope change (S:C) reflects the sandbox escape crossing the renderer trust boundary. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a malicious page (or compromises an ad network / watering-hole site) containing JavaScript that manipulates Gamepad API objects to trigger the use-after-free; when a victim on Windows visits the page with a vulnerable Chrome build, the freed memory is reclaimed under attacker control, allowing code execution in the higher-privileged browser process and escape from the renderer sandbox. Chained with a renderer RCE, this yields full code execution on the host at user privilege. …
Remediation Vendor-released patch: Google Chrome 149.0.7827.103 for Windows - update immediately via the Chrome Releases advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html and force a relaunch so the new binary loads (Chrome does not apply the fix until the browser is restarted). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Issue security alert to all users, assess Chrome deployment scope across Windows systems, and prepare patch distribution plan for Google Chrome 149.0.7827.103. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
openSUSE Leap 16.0 Fixed
openSUSE Tumbleweed Fixed

Share

EUVD-2026-35234 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy