Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Remote crafted page needs only a victim visit (AV:N/AC:L/PR:N/UI:R); sandbox-confined RCE keeps scope Unchanged with high C/I/A within the renderer.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code (constrained to the renderer sandbox) by luring a victim to a crafted HTML page that triggers a use-after-free in the Actor component. The flaw is network-reachable and requires only that the user visit a malicious page, but Chromium rates the severity High rather than Critical because code execution stays inside the renderer sandbox. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to actively open or be redirected to attacker-controlled HTML in a vulnerable Chrome build (prior to 150.0.7871.115) - the CVSS UI:R flag confirms user interaction (visiting/loading the page) is mandatory, which is the primary limiting factor. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base 8.8) indicates a network-reachable, low-complexity, unauthenticated bug whose only real gate is user interaction - a victim must open a malicious page - and whose scope is Unchanged, consistent with execution remaining inside the sandbox. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a crafted HTML page - or injects it via a malvertising frame or compromised site - that triggers the use-after-free in Chrome's Actor component when rendered. A victim running a pre-150.0.7871.115 build simply visits the page, and the attacker gains arbitrary code execution within the renderer sandbox, from which they would typically chain a separate sandbox-escape to reach the host. … |
| Remediation | Patch available per vendor advisory: update Google Chrome to 150.0.7871.115 or later on all desktop platforms via the Chrome Releases advisory at https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_01162222768.html, then fully restart the browser so the new build is loaded (Chrome auto-updates but the relaunch is required to apply it). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Deploy communication requiring all users to update Google Chrome to version 150.0.7871.115 or later; confirm that Chrome auto-update is enabled in your environment. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42487
GHSA-rf8j-gp6c-595q