Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Remote crafted page requires a user to visit (UI:R) but no auth (PR:N); renderer UAF yields high CIA within an unchanged scope (S:U) as code stays in the sandbox.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the browser's Input component, letting a remote attacker who lures a victim to a crafted HTML page run arbitrary code inside the renderer sandbox. Google rates the Chromium severity High and CVSS is 8.8, requiring user interaction (visiting a malicious page) but no authentication. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open a crafted HTML page in a vulnerable Google Chrome build prior to 150.0.7871.115 (UI:R user interaction), so it cannot be triggered fully unattended - a user must navigate to attacker-controlled content. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H = 8.8) indicates network reachability, low complexity, no privileges, but required user interaction and unchanged scope with full CIA impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a malicious web page containing JavaScript that manipulates input event objects to trigger the use-after-free in Chrome's Input component, then delivers the link via phishing email or a compromised/malvertising ad served on a legitimate site. When a victim running a pre-150.0.7871.115 Chrome opens the page (the required user interaction), the dangling pointer is exploited to execute attacker-controlled code within the renderer sandbox. … |
| Remediation | Vendor-released patch: update Google Chrome to 150.0.7871.115 or later on Windows, macOS, and Linux via the built-in updater (Settings > About Google Chrome) and relaunch the browser to apply, per the Chrome Releases advisory (https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_01162222768.html). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Notify all users to update Chrome immediately. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42489
GHSA-jhrp-v2xg-mr29