Skip to main content

Google Chrome EUVDEUVD-2026-39047

| CVE-2026-13035 HIGH
Use After Free (CWE-416)
2026-06-24 Chrome GHSA-r2jr-m2rh-f5hg
8.8
CVSS 3.1 · Vendor: Chrome
Share

Severity by source

Vendor (Chrome) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
8.0 HIGH

Attack relies on a proximate malicious Bluetooth peripheral, so AV:A rather than AV:N; UI:R because the user must grant Bluetooth access; no privileges needed and full RCE impact.

3.1 AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Chrome).

CVSS VectorVendor: Chrome

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 24, 2026 - 21:34 vuln.today
CVSS changed
Jun 24, 2026 - 20:22 NVD
8.8 (HIGH)
CVE Published
Jun 24, 2026 - 18:43 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 24, 2026 - 18:43 cve.org
HIGH 8.8

DescriptionCVE.org

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: High)

AnalysisAI

Remote code execution in Google Chrome for macOS prior to 149.0.7827.197 stems from a use-after-free in the browser's Bluetooth subsystem, letting a malicious Bluetooth peripheral corrupt memory and execute arbitrary code in the browser process. The flaw is rated High severity by Chromium with a CVSS 8.8, requires user interaction (UI:R) but no privileges, and currently has no public exploit identified at time of analysis; CISA SSVC marks exploitation status as none.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure victim to malicious page on vulnerable Chrome/macOS
Delivery
Victim grants Web Bluetooth access to rogue peripheral
Exploit
Peripheral sends crafted responses triggering UAF
Execution
Reclaim freed Bluetooth object on heap
Persist
Hijack control flow in browser process
Impact
Execute arbitrary code

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to run a vulnerable Chrome build (< 149.0.7827.197) on macOS and to interact with a malicious Bluetooth peripheral - the CVSS UI:R flag confirms user interaction is mandatory, which in the Web Bluetooth flow means the user must accept a site's Bluetooth device-access prompt and connect to the attacker-controlled device. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Multiple signals point to a genuinely high-priority but not yet actively exploited issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker lures a victim to a malicious web page or has them connect to a rogue Bluetooth peripheral; when the user grants Bluetooth access (the required user interaction), the attacker-controlled peripheral returns crafted responses that trigger the use-after-free in Chrome's Bluetooth code, corrupting heap memory to execute arbitrary code in the browser process. Because attack complexity is low and no privileges are required, a reliable exploit could lead to full browser compromise, though no public POC has been identified at time of analysis.
Remediation Vendor-released patch: update Google Chrome on macOS to 149.0.7827.197 or later, which is the fixed Stable channel release per Google's advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html; trigger Chrome's built-in updater (chrome://settings/help) and relaunch to apply, and roll the update through enterprise management (e.g., Google Admin/MDM) for fleet machines. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Communicate vulnerability to macOS user base and request immediate Chrome update to version 149.0.7827.197 or later; add notice about avoiding unknown Bluetooth connections. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39047 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy