Skip to main content

Google Chrome EUVDEUVD-2026-40571

| CVE-2026-13885 HIGH
Use After Free (CWE-416)
2026-06-30 chrome-cve-admin@google.com GHSA-vgmm-5q8c-x2qh
8.8
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Remote crafted page needs no privileges but requires the user to visit it (UI:R); renderer memory-corruption RCE gives high C/I/A within an unchanged sandbox scope.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
HIGH
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 14:26 vuln.today
CVSS changed
Jul 01, 2026 - 14:22 NVD
8.8 (HIGH)
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 30, 2026 - 23:17 cve.org
HIGH 8.8

DescriptionCVE.org

Use after free in Skia in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

AnalysisAI

Sandboxed remote code execution in Google Chrome for Android before 150.0.7871.47, stemming from a use-after-free in the Skia graphics library, lets a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rated the Chromium security severity as Medium, and no public exploit has been identified at time of analysis; the EPSS score is low (0.26%, 17th percentile), and the bug is not on CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure victim to crafted HTML page
Delivery
Skia parses malicious graphics content
Exploit
Trigger use-after-free in renderer
Execution
Reclaim freed heap object
Impact
Execute arbitrary code inside sandbox

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to visit or render an attacker-controlled crafted HTML page in Google Chrome on Android below 150.0.7871.47 - user interaction (UI:R) is mandatory, so no exploitation occurs without the user navigating to malicious content. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): network-reachable, low complexity, no privileges, but requiring user interaction, with high confidentiality/integrity/availability impact inside the renderer. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a crafted HTML page (or injects malicious content into a page/ad) that triggers the Skia use-after-free, then lures an Android user to visit it via link, message, or malvertising. Because AC is low and no privileges are needed, merely rendering the page can corrupt memory and execute attacker code inside the renderer sandbox; a full compromise would require chaining a separate sandbox-escape. …
Remediation Vendor-released patch: update Google Chrome for Android to 150.0.7871.47 or later via the Google Play Store or Chrome's built-in updater, then relaunch the browser to complete the update; this is the primary and sufficient fix (see https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Verify Chrome for Android auto-update status in MDM; run inventory scan for devices on versions prior to 150.0.7871.47. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

EUVD-2026-40571 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy