Severity by source
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
AC:H and UI:R reflect the need for a crafted page plus a pre-compromised renderer; S:C captures the renderer-to-browser sandbox escape with full CIA impact, matching the vendor rating.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Sandbox escape in Google Chrome's Core component on Windows (versions prior to 150.0.7871.115) lets an attacker who has already compromised the renderer process break out of the sandbox and reach the higher-privileged browser process via a crafted HTML page. The flaw is a CWE-416 use-after-free rated High by Chromium and CVSS 8.3, with a scope change reflecting the renderer-to-browser boundary crossing. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two concrete prerequisites drawn from the description: (1) the attacker must have ALREADY compromised the Chrome renderer process - this bug is a sandbox-escape primitive, not an initial entry point - and (2) the victim must load a crafted HTML page (UI:R), which triggers the use-after-free in the Core component. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals point to a real but chained risk rather than a drive-by one-click threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker first compromises Chrome's renderer using a separate bug, then serves a crafted HTML page that triggers the use-after-free in Core to corrupt memory and escape the sandbox, gaining code execution in the more privileged browser process on the victim's Windows host. Because the user must load the malicious page (UI:R) and the attacker must already control the renderer, this is realistically the sandbox-escape link of a multi-stage chain. … |
| Remediation | Vendor-released patch: 150.0.7871.115 - update Google Chrome on Windows to 150.0.7871.115 or later via the Chrome Stable channel and relaunch the browser to apply the fix, as described in the vendor advisory at https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_01162222768.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify Chrome version distribution across Windows fleet and notify stakeholders of patch urgency. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42449
GHSA-m4r4-q82r-9vfm