Use After Free
Monthly
Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to escape memory safety boundaries within the renderer sandbox via a crafted HTML page. The flaw stems from a use-after-free condition in the Media component and requires user interaction (visiting a malicious page); no public exploit has been identified at time of analysis. With a CVSS of 8.8 and confirmed Chromium classification, this is a typical browser memory-corruption bug that historically attracts exploit chains.
Remote code execution in Google Chrome's Blink rendering engine prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) carrying a CVSS 8.8 score, with a vendor patch already shipped via the Chrome stable channel and no public exploit identified at time of analysis.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page that triggers a use-after-free in the ANGLE graphics layer. The flaw carries a CVSS 8.8 score and requires user interaction (visiting a malicious page), and no public exploit identified at time of analysis. The sandbox containment limits direct system impact, but the bug is a strong candidate for chaining with a sandbox escape.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a use-after-free condition in the WebRTC component. No public exploit identified at time of analysis, though the high CVSS score of 8.8 and the memory corruption class make this a priority browser patch. Chromium rates the security severity as Medium despite the CVSS score, suggesting sandbox containment limits real-world impact.
Remote code execution in Google Chrome's V8 JavaScript engine before version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free memory corruption issue rated CVSS 8.8 (High), and while no public exploit has been identified at time of analysis, V8 bugs of this class are historically high-value targets for exploit chains. SSVC indicates no observed exploitation, but technical impact is total within the sandbox boundary.
Remote code execution in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. The flaw stems from a use-after-free memory corruption condition (CWE-416) and carries a CVSS 3.1 score of 8.8. No public exploit identified at time of analysis, but a vendor patch has been released by Google.
Heap corruption in Google Chrome's Views component prior to version 149.0.7827.53 allows a remote attacker to potentially execute code in the renderer when a user is convinced to perform specific UI gestures on a crafted HTML page. The flaw is a use-after-free (CWE-416) carrying a CVSS 8.8 rating, but EPSS is very low at 0.03% (11th percentile) and no public exploit is identified at time of analysis. Google has shipped a patched stable channel build, and Chromium rates the underlying issue as Medium severity.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) requiring user interaction to visit the malicious page, and no public exploit has been identified at time of analysis despite an EPSS score of 0.03% indicating very low near-term exploitation probability.
Remote heap corruption in Google Chrome prior to 149.0.7827.53 allows attackers to exploit a use-after-free condition in the Network component via crafted network traffic when a user visits or interacts with attacker-controlled content. Rated CVSS 8.8 with a patch available from Google, though EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit has been identified at time of analysis.
Sandbox-contained arbitrary code execution in Google Chrome's Media component affects Linux and ChromeOS builds prior to 149.0.7827.53, where a use-after-free flaw can be triggered via a crafted HTML page. Exploitation requires that the attacker has already compromised the renderer process, meaning this bug functions as a second-stage primitive in a multi-vulnerability chain rather than a standalone RCE. No public exploit identified at time of analysis, and Chromium rates the internal severity as Medium despite the NVD CVSS of 8.8.
Sandbox escape in Google Chrome on Android before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Serial component. Exploitation requires user interaction with a crafted HTML page and a prior renderer compromise, making this a second-stage vulnerability typically chained with another bug. No public exploit identified at time of analysis and EPSS is very low (0.03%), but Google has shipped a patched stable channel build.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the WebShare component. The flaw requires a pre-existing renderer compromise plus user interaction, and no public exploit identified at time of analysis, though Chromium-rated Medium severity and the patch availability suggest defenders should treat it as part of the standard Chrome update cycle.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 can be triggered by a remote attacker via a crafted HTML page that exploits a use-after-free condition in the USB component. The flaw carries a CVSS score of 9.6 due to its scope-changing impact, though Google rated the underlying Chromium security severity as Medium, and no public exploit has been identified at time of analysis with an EPSS score of just 0.03%.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 is possible through a use-after-free flaw in the WebRTC component, allowing a remote attacker to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The issue carries a CVSS 3.1 score of 8.8 (High) and a vendor patch is available, though there is no public exploit identified at time of analysis and the flaw is rated Medium severity by Chromium's own security team.
Sandbox escape in Google Chrome's Autofill component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) requiring user interaction (UI:R) and a chained renderer compromise, and no public exploit has been identified at time of analysis despite the very high 9.6 CVSS score driven by scope change.
Remote code execution in Google Chrome on Linux prior to 149.0.7827.53 allows attackers to execute arbitrary code within the renderer sandbox by luring a user to a malicious web page that triggers a use-after-free condition in the Fonts component. The flaw carries a CVSS 3.1 base score of 8.8 (High) and no public exploit identified at time of analysis, though Chromium memory-corruption issues historically attract rapid POC development. Exploitation requires user interaction (visiting attacker-controlled content) but no authentication.
Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.53 allows remote attackers to execute arbitrary code inside the renderer sandbox by serving a crafted HTML page and convincing a user to perform specific UI gestures. The flaw is a use-after-free (CWE-416) memory corruption issue with a high CVSS score of 8.8, rated Medium severity by Chromium; no public exploit identified at time of analysis.
Sandbox escape in Google Chrome's Glic component prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) requiring user interaction and a chained renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.03%.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Views component, triggered by a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS exploitation probability is currently very low (0.03%).
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the WebXR component. Google rates the issue High severity and CVSS scores it 8.8, with user interaction required but no authentication or privileges needed; no public exploit identified at time of analysis.
Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component. A remote attacker can deliver malicious network traffic that, combined with minimal user interaction, allows arbitrary code execution within the browser's renderer context. No public exploit identified at time of analysis, but Google rates the underlying Chromium severity as High.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component, enabling a remote attacker to execute arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The issue is rated High severity by Chromium and carries a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R), reflecting low complexity and no privilege requirement but requiring user interaction. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Sandbox escape in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker to break out of the renderer process by luring a user to a crafted HTML page that triggers a use-after-free in the Ozone display/windowing layer. Google rates the underlying Chromium issue as High severity and a vendor patch is available; no public exploit identified at time of analysis and the EPSS score is very low (0.03%).
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Chrome sandbox via a crafted HTML page that triggers a use-after-free in the SurfaceCapture component. The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.3 with scope change, reflecting that successful exploitation crosses the renderer/browser security boundary. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Sandbox escape in Google Chrome for iOS before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free condition. The flaw is rated High severity by Chromium and has a CVSS score of 8.3, but no public exploit has been identified at time of analysis and it is not listed in CISA KEV. Successful exploitation typically requires chaining with a separate renderer-compromise primitive, raising the practical bar.
Sandboxed remote code execution in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free in the Input component, rated High by Chromium and 8.8 by CVSS. No public exploit identified at time of analysis, but Chrome UAF bugs in renderer-reachable components are historically high-value targets for chained sandbox escapes.
Remote code execution in Google Chrome for iOS before 149.0.7827.53 allows a remote attacker to execute arbitrary code by enticing a user to visit a crafted HTML page and perform specific UI gestures, triggering a use-after-free condition. Google rates the underlying Chromium issue as High severity, and no public exploit has been identified at time of analysis. The flaw requires user interaction, which somewhat reduces but does not eliminate real-world risk given Chrome's massive install base on iOS.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Glic component, allowing a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google has rated the Chromium security severity as High, and a vendor patch is available, though no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Sandboxed remote code execution in Google Chrome before 149.0.7827.53 stems from a use-after-free flaw in the MimeHandlerView component, exploitable when a victim visits a crafted HTML page. Chromium rates the issue High severity and CVSS 8.8 reflects network-reachable exploitation with user interaction; no public exploit identified at time of analysis, and the bug is not on the CISA KEV list.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Actor component that lets a remote attacker run arbitrary code within the renderer sandbox via a malicious HTML page. The flaw carries CVSS 8.8 and requires user interaction (visiting a crafted page), and at time of analysis there is no public exploit identified, though Chromium rates the security severity as High and a vendor patch has shipped.
Sandbox escape in Google Chrome on Android versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from a use-after-free condition in the Core component and is rated High severity by Chromium with a CVSS of 8.3. No public exploit identified at time of analysis, though the bug enables a critical post-exploitation chain step when paired with a renderer RCE.
Heap corruption in Google Chrome for iOS prior to 149.0.7827.53 allows remote attackers to potentially execute arbitrary code by luring a user to a crafted HTML page that triggers a use-after-free condition. Google has rated this as High severity and a vendor patch is available, though no public exploit has been identified at time of analysis. The CVSS 8.8 score reflects network-reachable exploitation with low complexity but requires user interaction (visiting a malicious page).
Heap corruption in Google Chrome on iOS before version 149.0.7827.53 enables remote attackers to potentially execute arbitrary code by enticing a user to interact with a malicious HTML page that triggers a use-after-free in the Autofill component. Chromium rates the underlying flaw as High severity, and while a vendor patch is available, no public exploit has been identified at time of analysis and EPSS remains very low at 0.03%.
Remote code execution in Google Chrome prior to 149.0.7827.53 allows a remote attacker to trigger a use-after-free condition in the WebRTC component by enticing a victim to visit a crafted HTML page, resulting in arbitrary code execution within the renderer sandbox. Google rated this as High severity and a vendor patch is available; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component, enabling a remote attacker to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. Google rates the underlying Chromium severity as High, and the CVSS 3.1 score of 8.8 reflects network-reachable, low-complexity exploitation requiring only user interaction (visiting a page). No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
Sandboxed arbitrary code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the browser's PDF component, exploitable when a remote attacker convinces a user to perform specific UI gestures after loading a crafted PDF. Chromium rates the severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and CISA SSVC marks exploitation status as none.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component that allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page. Exploitation requires user interaction (UI:R) such as visiting a malicious site, and while no public exploit has been identified at time of analysis, Google rates the underlying Chromium severity as High and a vendor patch is available.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page that triggers a use-after-free in the WebRTC component. The flaw carries a CVSS 3.1 score of 8.8 (High) and Chromium rates the security severity as High; no public exploit has been identified at time of analysis and the issue is not currently listed in CISA KEV.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who already controls the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a use-after-free in the Autofill component. Chromium rates the severity High and a vendor patch is available; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Sandbox escape in Google Chrome on Windows before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out via a use-after-free in the Audio component when a victim loads a crafted HTML page. Chromium rates the issue High severity and Google has shipped a stable-channel fix, but no public exploit identified at time of analysis and the bug is not listed in CISA KEV.
Heap corruption in Google Chrome on Android before 149.0.7827.53 enables remote attackers to exploit a use-after-free condition in the browser's UI component through a malicious web page. The flaw carries a CVSS 8.8 (High) rating and requires user interaction (visiting a crafted page), with no public exploit identified at time of analysis. Google rates the underlying Chromium severity as High, and a vendor patch is available in the stable channel update.
Sandbox escape in Google Chrome's FileSystem component prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page that triggers a use-after-free condition. Successful exploitation requires the victim to interact with attacker-controlled web content, but yields a scope change from the constrained renderer process to higher-privileged host context. EPSS is currently low (0.03%) and no public exploit has been identified at time of analysis, though Google rates the underlying Chromium severity as High.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows an attacker on the same local network segment (adjacent network) to execute arbitrary code by sending malicious traffic to the browser's Cast component. The flaw stems from a use-after-free memory corruption issue in the Cast feature (used for media streaming to devices like Chromecast) and is rated High severity by Chromium with a CVSS score of 8.8. No public exploit identified at time of analysis, though a vendor patch has been released.
Arbitrary code execution in Google Chrome for Android prior to 149.0.7827.53 stems from a use-after-free flaw in the WebAppInstalls component, triggered when a victim opens a malicious file. Although the CVSS vector lists a network attack vector with high impact across confidentiality, integrity, and availability, exploitation requires user interaction and no public exploit identified at time of analysis. EPSS probability is very low (0.01%) and SSVC indicates no observed exploitation, suggesting the immediate threat is limited despite the High severity rating from Chromium.
Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High severity by Chromium and CVSS 8.3, and while no public exploit is identified at time of analysis, sandbox escapes in ANGLE have historically been chained with renderer RCE bugs to achieve full system compromise.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free flaw in the Viz compositor component. Exploitation requires a crafted HTML page and victim interaction, and Google has rated the underlying Chromium security severity as High. No public exploit has been identified at time of analysis, but this class of bug is historically chained with renderer RCE bugs to achieve full browser compromise.
Sandbox escape in Google Chrome on iOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free in the Core component rated High severity by Chromium, and no public exploit identified at time of analysis. Exploitation requires user interaction (visiting a malicious page) and chaining with a prior renderer compromise, raising the practical bar despite the 8.3 CVSS score.
Remote code execution in Google Chrome's ANGLE graphics layer on Windows prior to version 149.0.7827.53 allows attackers to execute arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) memory corruption issue rated High severity by Chromium, requires user interaction to trigger, and no public exploit has been identified at time of analysis.
Remote code execution in Google Chrome on Windows (versions prior to 149.0.7827.53) is possible through a use-after-free vulnerability in the ANGLE graphics translation layer, triggered when a victim visits a crafted HTML page. Successful exploitation yields arbitrary code execution constrained to the Chrome renderer sandbox, with Chromium rating the severity as High and CVSS scored at 8.8. There is no public exploit identified at time of analysis and CISA SSVC marks exploitation status as none, but the bug class (UAF in GPU translation) is historically a popular target for chained sandbox escapes.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free flaw in the Dawn WebGPU implementation. Exploitation requires luring a victim to a crafted HTML page and chaining this bug with a prior renderer compromise, but the impact is full sandbox escape with high confidentiality, integrity, and availability consequences. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free condition in the FullScreen component. Rated High severity by Chromium with a CVSS of 8.3, the flaw requires user interaction and high attack complexity, and no public exploit identified at time of analysis. The vendor has issued a stable channel update addressing the issue.
Heap corruption in Google Chrome's WebAuthentication component prior to version 149.0.7827.53 allows remote attackers to potentially execute arbitrary code through a crafted HTML page combined with user interaction. The flaw is a use-after-free (CWE-416) rated High severity by Chromium and carries a CVSS 7.5 score, though exploitation requires specific UI gestures from the victim. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free in the Network component, triggered by a crafted HTML page. Chromium rates the severity as High and a vendor patch is available; no public exploit identified at time of analysis.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component that lets a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rates the underlying Chromium issue as High severity, and no public exploit is identified at time of analysis, though publicly available patch metadata and Chromium bug tracker entries (issue 503422316) confirm the fix.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Ozone graphics abstraction layer, rated Critical by Chromium's internal severity classification. Remote attackers can trigger arbitrary code execution within the browser's rendering context by enticing a victim to visit a crafted HTML page. There is no public exploit identified at time of analysis, and CISA SSVC scoring indicates no observed exploitation, though the technical impact is rated total.
Remote code execution in Google Chrome on macOS prior to version 149.0.7827.53 stems from a use-after-free condition in the Passwords component, allowing a remote attacker to execute arbitrary code if a victim is convinced to perform specific UI gestures on a crafted HTML page. Chromium rates the underlying severity as Critical, though CVSS scores it 7.5 due to high attack complexity and required user interaction. There is no public exploit identified at time of analysis and SSVC indicates exploitation status is none.
Remote heap corruption in Google Chrome on macOS prior to 149.0.7827.53 stems from a use-after-free in the Passwords component, letting a remote attacker who lures a user into specific UI interactions trigger memory corruption via a crafted HTML page. Chromium rates the underlying flaw Critical and a vendor patch is available, though no public exploit has been identified at time of analysis and active exploitation has not been confirmed by CISA KEV.
Heap corruption in Google Chrome's Ozone display layer on Linux versions prior to 149.0.7827.53 allows remote attackers to potentially achieve code execution by enticing a user to perform specific UI gestures on a crafted HTML page. Chromium rates the underlying issue as Critical severity, and no public exploit has been identified at time of analysis. The defect is a use-after-free (CWE-416) reachable from the renderer's interaction with the Linux display abstraction.
Remote code execution in Google Chrome for iOS prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code by enticing a user to visit a crafted HTML page. Chromium rates the underlying use-after-free as Critical severity, though SSVC currently shows no observed exploitation and no public exploit identified at time of analysis. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability, tempered by a required user interaction (visiting the malicious page).
Remote code execution in Google Chrome's Ozone display server layer affects all desktop versions prior to 149.0.7827.53, where a use-after-free memory corruption flaw can be triggered by a crafted HTML page. Chromium-internal severity is rated Critical and the CVSS 3.1 score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires user interaction (visiting an attacker-controlled page). No public exploit has been identified at time of analysis, and CISA SSVC currently lists Exploitation as 'none'.
Sandbox escape in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a use-after-free in the Printing component. Google rates the underlying Chromium issue as Critical severity, and no public exploit is identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack and the scope change that results when sandbox boundaries are crossed.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component, which Google rated Critical internally. A remote attacker can deliver malicious network traffic to a user with an active Chromoting session and execute arbitrary code in the browser context, though user interaction is required per the CVSS vector. No public exploit identified at time of analysis, and EPSS probability is very low (0.04%).
Heap corruption in Google Chrome's GFX component on Linux prior to version 149.0.7827.53 allows remote attackers to potentially achieve code execution when a victim visits a crafted HTML page. Google rates the underlying Chromium issue as Critical severity, and a vendor patch is available; no public exploit identified at time of analysis.
Heap corruption in Google Chrome's Cast component prior to version 149.0.7827.53 allows adjacent-network attackers to trigger a use-after-free condition through crafted network traffic, potentially leading to arbitrary code execution within the renderer. Chromium rates the underlying severity as Critical, and no public exploit identified at time of analysis, though the AV:A vector means any attacker sharing the victim's LAN or Wi-Fi segment can attempt exploitation without authentication or user interaction.
Remote code execution in Google Chrome's Cast Streaming component (versions prior to 149.0.7827.53) allows an attacker on the same local network segment to execute arbitrary code by sending malicious network traffic to a vulnerable browser. The flaw is rated Critical by the Chromium project and carries a CVSS 3.1 score of 8.8, with no public exploit identified at time of analysis.
Remote code execution in Google Chrome on macOS prior to 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component, allowing remote attackers to execute arbitrary code by delivering malicious network traffic. Google's Chromium team rates the underlying defect as Critical severity, and no public exploit has been identified at time of analysis, though the bug class historically attracts in-the-wild exploitation against browser users.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to exploit a use-after-free condition in the FileSystem component via a crafted HTML page, with user interaction required. Google has rated the underlying Chromium issue as Critical severity, and a vendor patch is available; no public exploit identified at time of analysis, though the high CVSS score (9.6) and scope-changed impact warrant rapid patching.
Remote code execution in Google Chrome for iOS versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code by luring a victim to a crafted HTML page that triggers a use-after-free condition. The flaw is rated Critical by Chromium and carries a CVSS 8.8 score, and while no public exploit is identified at time of analysis, the user-interaction-only barrier (visiting a page) makes drive-by exploitation a realistic concern for unpatched iOS Chrome users.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting a use-after-free flaw in the Chromecast component. Google classifies the underlying issue as Critical severity, and no public exploit has been identified at time of analysis. The bug requires chaining with a separate renderer compromise, which lowers standalone exploitability but makes it valuable as the second stage of a full browser exploit chain.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Network component, allowing a remote attacker to execute arbitrary code within the renderer process when a user visits a crafted HTML page. Google rated this issue Critical at the Chromium level, and a vendor patch is available; no public exploit identified at time of analysis.
Use-after-free in libexpat before 2.8.2 allows memory corruption, information disclosure, and potential code execution when prohibited API functions are called from within XML event handler callbacks. All libexpat consumers - including language bindings such as CPython's xml.parsers.expat - are affected when handler code (or attacker-influenced handler logic) invokes XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset in a re-entrant manner during active parsing. No public exploit code exists at time of analysis and this CVE is not listed in the CISA Known Exploited Vulnerabilities catalog, but the CPython project has an associated open issue (python/cpython#146169) indicating ecosystem-wide reach.
Heap information disclosure in HTML::Entities for Perl (versions before 3.84) allows remote attackers to leak adjacent heap memory contents when decoding entities. The XS routine _decode_entities retains a stale pointer into a hash value SV after grow_gap() reallocates the buffer, causing a use-after-free read that copies freed heap bytes into the output scalar. No public exploit identified at time of analysis and EPSS is very low (0.02%), but the upstream fix is confirmed via GH PR #56.
Use-after-free race condition in OP-TEE OS versions 3.16.0 through 4.10.x enables local low-privileged attackers to corrupt memory within the secure world when OP-TEE is built as an FF-A Secure Partition Manager Core (SPMC) for S-EL0 Secure Partitions. The flaw stems from missing lock acquisition in sp_mem_remove() during shared-memory teardown, allowing concurrent threads to dereference freed sp_mem_map_region or sp_mem_receiver objects. No public exploit identified at time of analysis, but successful exploitation yields high confidentiality, integrity, and availability impact inside the Trusted Execution Environment.
Use-after-free in the Linux kernel's rt9455 power supply driver allows local attackers to trigger memory corruption or system crashes via a race condition during driver probe or removal. The flaw stems from incorrect ordering of devm_-managed resource allocation, where the IRQ handler can fire against a freed or uninitialized power_supply handle. EPSS is very low (0.02%, 7th percentile) and no public exploit is identified at time of analysis, but the CVSS score of 8.4 reflects high impact on confidentiality, integrity, and availability for systems shipping the rt9455 Richtek battery charger driver.
Use-after-free in the Linux kernel NFC HCI SHDLC subsystem allows local low-privileged attackers to corrupt memory and potentially escalate privileges by triggering teardown races against active timers and queued work items. The flaw exists because llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc structure while timers and the sm_work state-machine handler may still execute concurrently. EPSS is very low (0.02%) and no public exploit identified at time of analysis, but the high-impact CVSS (7.8) reflects full CIA compromise on successful exploitation.
Local privilege escalation potential exists in the Linux kernel's Intel Xe DRM driver (drm/xe/pf) due to a sysfs initialization ordering bug in SR-IOV Physical Function setup, where a failed devm_add_action_or_reset() call invokes kobject_put() on an uninitialized kobject, triggering refcount underflow and use-after-free conditions. The flaw affects Linux kernel 6.19 prior to the 6.19.4 stable patch and has been resolved upstream; no public exploit identified at time of analysis and EPSS rates exploitation probability at only 0.02%.
Use-after-free in the Linux kernel's pm8916_lbc power supply driver allows a local attacker to potentially trigger memory corruption or kernel crashes during device removal. The flaw stems from incorrect ordering of devm_-managed resources: the extcon handle is freed before the IRQ is unregistered, leaving a window where the IRQ handler invokes extcon_set_state_sync() on freed memory. No public exploit identified at time of analysis, and EPSS rates exploitation probability at 0.02% (5th percentile), reflecting low real-world attacker interest in this driver-specific race.
Use-after-free in OpENer's EtherNet/IP stack (versions up to 2.3.0) exposes industrial control system deployments to remote memory corruption via the CIP SendRRData handler. A low-privileged network attacker can manipulate the `CreateMessageRouterRequestStructure` function in `cipmessagerouter.c` to access freed memory, leading to denial of service, memory corruption, or potentially arbitrary code execution. A public proof-of-concept exploit has been disclosed, and the maintainer has not responded to the coordinated disclosure issue (#566), meaning no patch is available at time of analysis.
Heap use-after-free in GPAC MP4Box's dasher filter allows local attackers to crash the application by supplying a crafted MPEG-2 file. The flaw exists in dasher_configure_pid within src/filters/dasher.c, where a freed GF_DashStream object can still be referenced via muxed_base pointers held by other stream structures, resulting in a dangling pointer dereference. Impact is limited to Denial of Service (A:H, C:N, I:N); a publicly available proof-of-concept confirms reproducibility, though no confirmed active exploitation (CISA KEV) has been identified at time of analysis.
Use-after-free in Assimp's ASE File Parser - specifically the `aiNode::~aiNode` destructor in `scene.cpp` - allows a local, low-privileged attacker to corrupt heap memory, potentially causing denial of service or achieving arbitrary code execution in applications that load 3D model files. All Assimp versions through 6.0.4 are affected. A public proof-of-concept exploit (poc.zip) has been disclosed via GitHub, reducing the skill barrier for exploitation in environments where untrusted ASE-format files can be submitted for processing. No public exploit identified as confirmed actively exploited (CISA KEV) at time of analysis.
Local privilege escalation in the Linux kernel eventpoll (epoll) subsystem stems from a use-after-free in ep_remove() where file->f_ep is cleared but the file pointer continues to be used inside the f_lock critical section, allowing a concurrent __fput() to free the underlying struct eventpoll and struct file. Successful exploitation yields an attacker-controllable kmem_cache_free() against the wrong slab cache, enabling memory corruption that can lead to high-integrity, high-confidentiality, and high-availability impact (CVSS 7.8). EPSS is very low (0.02%), no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Heap use-after-free/double-free in the FreeRDP RDP client (versions prior to 3.26.0) lets a malicious or compromised RDP server corrupt client memory through the RDPEAR authentication-redirection path. The flaw stems from the RDPEAR NDR parser reusing a single non-null pointer ref-id across multiple logical fields, causing the same heap object to be assigned to two outputs and freed twice by the generic destructor. There is no public exploit beyond a proof-of-concept (SSVC: poc), and EPSS exploitation probability is very low (0.05%), but the SSVC technical impact is rated total and a vendor fix is available.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code inside the browser's renderer sandbox through a crafted HTML page that triggers a use-after-free condition in the DOM implementation. The flaw, rated High severity by Chromium and carrying a CVSS 8.8 score, requires only that a victim visit a malicious or compromised webpage, making it well-suited for drive-by attacks despite no public exploit identified at time of analysis.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the WebMIDI component. Chromium rates the severity High, and a vendor patch is available; no public exploit is identified at time of analysis and EPSS is very low at 0.03%.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the WebCodecs component, allowing a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a malicious HTML page. The issue is rated High severity by Chromium with a CVSS 3.1 score of 8.8, and a vendor patch is available, though no public exploit has been identified at time of analysis and the CVE is not currently listed in CISA KEV. Successful exploitation requires user interaction (visiting a crafted page), and code execution is constrained to the Chrome sandbox unless chained with a sandbox-escape bug.
Sandbox escape in Google Chrome's Skia graphics library prior to version 148.0.7778.216 allows remote attackers who have already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High by Chromium, with a patch shipped through the Stable channel and no public exploit identified at time of analysis. EPSS probability is very low (0.03%) and the CVE is not on the CISA KEV list, indicating no observed in-the-wild exploitation despite the serious technical impact.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the SVG rendering component, allowing remote attackers to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. Rated High severity by the Chromium project with a CVSS score of 8.8, the issue requires user interaction (visiting a malicious page) but no authentication. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Remote code execution in Google Chrome on macOS prior to 148.0.7778.216 stems from a use-after-free condition in the WebAppInstalls component, enabling a remote attacker to execute arbitrary code in the renderer context when a victim is lured to a malicious page and performs specific UI gestures. Chromium rates the severity as High, and while no public exploit identified at time of analysis, the bug class (UAF) is historically a favored target for Chrome exploit chains. The high attack complexity and required user interaction lower the practical exploitability compared to one-click bugs.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the Views UI component, allowing a remote attacker to execute arbitrary code if they can convince a user to perform specific UI gestures on a crafted HTML page. Chromium rates this as High severity and a vendor patch is available, but no public exploit has been identified at time of analysis.
Heap corruption in Google Chrome's PDFium component (versions prior to 148.0.7778.216) allows a remote attacker to potentially achieve code execution by tricking a user into opening a crafted PDF file. The flaw is a use-after-free condition rated High severity by Chromium, with no public exploit identified at time of analysis and a low EPSS score (0.03%) suggesting limited near-term mass exploitation despite a CVSS of 8.8. A vendor patch has been released via the Chrome Stable channel update.
Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to escape memory safety boundaries within the renderer sandbox via a crafted HTML page. The flaw stems from a use-after-free condition in the Media component and requires user interaction (visiting a malicious page); no public exploit has been identified at time of analysis. With a CVSS of 8.8 and confirmed Chromium classification, this is a typical browser memory-corruption bug that historically attracts exploit chains.
Remote code execution in Google Chrome's Blink rendering engine prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) carrying a CVSS 8.8 score, with a vendor patch already shipped via the Chrome stable channel and no public exploit identified at time of analysis.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page that triggers a use-after-free in the ANGLE graphics layer. The flaw carries a CVSS 8.8 score and requires user interaction (visiting a malicious page), and no public exploit identified at time of analysis. The sandbox containment limits direct system impact, but the bug is a strong candidate for chaining with a sandbox escape.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a use-after-free condition in the WebRTC component. No public exploit identified at time of analysis, though the high CVSS score of 8.8 and the memory corruption class make this a priority browser patch. Chromium rates the security severity as Medium despite the CVSS score, suggesting sandbox containment limits real-world impact.
Remote code execution in Google Chrome's V8 JavaScript engine before version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free memory corruption issue rated CVSS 8.8 (High), and while no public exploit has been identified at time of analysis, V8 bugs of this class are historically high-value targets for exploit chains. SSVC indicates no observed exploitation, but technical impact is total within the sandbox boundary.
Remote code execution in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. The flaw stems from a use-after-free memory corruption condition (CWE-416) and carries a CVSS 3.1 score of 8.8. No public exploit identified at time of analysis, but a vendor patch has been released by Google.
Heap corruption in Google Chrome's Views component prior to version 149.0.7827.53 allows a remote attacker to potentially execute code in the renderer when a user is convinced to perform specific UI gestures on a crafted HTML page. The flaw is a use-after-free (CWE-416) carrying a CVSS 8.8 rating, but EPSS is very low at 0.03% (11th percentile) and no public exploit is identified at time of analysis. Google has shipped a patched stable channel build, and Chromium rates the underlying issue as Medium severity.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) requiring user interaction to visit the malicious page, and no public exploit has been identified at time of analysis despite an EPSS score of 0.03% indicating very low near-term exploitation probability.
Remote heap corruption in Google Chrome prior to 149.0.7827.53 allows attackers to exploit a use-after-free condition in the Network component via crafted network traffic when a user visits or interacts with attacker-controlled content. Rated CVSS 8.8 with a patch available from Google, though EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit has been identified at time of analysis.
Sandbox-contained arbitrary code execution in Google Chrome's Media component affects Linux and ChromeOS builds prior to 149.0.7827.53, where a use-after-free flaw can be triggered via a crafted HTML page. Exploitation requires that the attacker has already compromised the renderer process, meaning this bug functions as a second-stage primitive in a multi-vulnerability chain rather than a standalone RCE. No public exploit identified at time of analysis, and Chromium rates the internal severity as Medium despite the NVD CVSS of 8.8.
Sandbox escape in Google Chrome on Android before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Serial component. Exploitation requires user interaction with a crafted HTML page and a prior renderer compromise, making this a second-stage vulnerability typically chained with another bug. No public exploit identified at time of analysis and EPSS is very low (0.03%), but Google has shipped a patched stable channel build.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the WebShare component. The flaw requires a pre-existing renderer compromise plus user interaction, and no public exploit identified at time of analysis, though Chromium-rated Medium severity and the patch availability suggest defenders should treat it as part of the standard Chrome update cycle.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 can be triggered by a remote attacker via a crafted HTML page that exploits a use-after-free condition in the USB component. The flaw carries a CVSS score of 9.6 due to its scope-changing impact, though Google rated the underlying Chromium security severity as Medium, and no public exploit has been identified at time of analysis with an EPSS score of just 0.03%.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 is possible through a use-after-free flaw in the WebRTC component, allowing a remote attacker to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The issue carries a CVSS 3.1 score of 8.8 (High) and a vendor patch is available, though there is no public exploit identified at time of analysis and the flaw is rated Medium severity by Chromium's own security team.
Sandbox escape in Google Chrome's Autofill component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) requiring user interaction (UI:R) and a chained renderer compromise, and no public exploit has been identified at time of analysis despite the very high 9.6 CVSS score driven by scope change.
Remote code execution in Google Chrome on Linux prior to 149.0.7827.53 allows attackers to execute arbitrary code within the renderer sandbox by luring a user to a malicious web page that triggers a use-after-free condition in the Fonts component. The flaw carries a CVSS 3.1 base score of 8.8 (High) and no public exploit identified at time of analysis, though Chromium memory-corruption issues historically attract rapid POC development. Exploitation requires user interaction (visiting attacker-controlled content) but no authentication.
Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.53 allows remote attackers to execute arbitrary code inside the renderer sandbox by serving a crafted HTML page and convincing a user to perform specific UI gestures. The flaw is a use-after-free (CWE-416) memory corruption issue with a high CVSS score of 8.8, rated Medium severity by Chromium; no public exploit identified at time of analysis.
Sandbox escape in Google Chrome's Glic component prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) requiring user interaction and a chained renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.03%.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Views component, triggered by a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS exploitation probability is currently very low (0.03%).
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the WebXR component. Google rates the issue High severity and CVSS scores it 8.8, with user interaction required but no authentication or privileges needed; no public exploit identified at time of analysis.
Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component. A remote attacker can deliver malicious network traffic that, combined with minimal user interaction, allows arbitrary code execution within the browser's renderer context. No public exploit identified at time of analysis, but Google rates the underlying Chromium severity as High.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component, enabling a remote attacker to execute arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The issue is rated High severity by Chromium and carries a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R), reflecting low complexity and no privilege requirement but requiring user interaction. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Sandbox escape in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker to break out of the renderer process by luring a user to a crafted HTML page that triggers a use-after-free in the Ozone display/windowing layer. Google rates the underlying Chromium issue as High severity and a vendor patch is available; no public exploit identified at time of analysis and the EPSS score is very low (0.03%).
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Chrome sandbox via a crafted HTML page that triggers a use-after-free in the SurfaceCapture component. The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.3 with scope change, reflecting that successful exploitation crosses the renderer/browser security boundary. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Sandbox escape in Google Chrome for iOS before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free condition. The flaw is rated High severity by Chromium and has a CVSS score of 8.3, but no public exploit has been identified at time of analysis and it is not listed in CISA KEV. Successful exploitation typically requires chaining with a separate renderer-compromise primitive, raising the practical bar.
Sandboxed remote code execution in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free in the Input component, rated High by Chromium and 8.8 by CVSS. No public exploit identified at time of analysis, but Chrome UAF bugs in renderer-reachable components are historically high-value targets for chained sandbox escapes.
Remote code execution in Google Chrome for iOS before 149.0.7827.53 allows a remote attacker to execute arbitrary code by enticing a user to visit a crafted HTML page and perform specific UI gestures, triggering a use-after-free condition. Google rates the underlying Chromium issue as High severity, and no public exploit has been identified at time of analysis. The flaw requires user interaction, which somewhat reduces but does not eliminate real-world risk given Chrome's massive install base on iOS.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Glic component, allowing a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google has rated the Chromium security severity as High, and a vendor patch is available, though no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Sandboxed remote code execution in Google Chrome before 149.0.7827.53 stems from a use-after-free flaw in the MimeHandlerView component, exploitable when a victim visits a crafted HTML page. Chromium rates the issue High severity and CVSS 8.8 reflects network-reachable exploitation with user interaction; no public exploit identified at time of analysis, and the bug is not on the CISA KEV list.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Actor component that lets a remote attacker run arbitrary code within the renderer sandbox via a malicious HTML page. The flaw carries CVSS 8.8 and requires user interaction (visiting a crafted page), and at time of analysis there is no public exploit identified, though Chromium rates the security severity as High and a vendor patch has shipped.
Sandbox escape in Google Chrome on Android versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from a use-after-free condition in the Core component and is rated High severity by Chromium with a CVSS of 8.3. No public exploit identified at time of analysis, though the bug enables a critical post-exploitation chain step when paired with a renderer RCE.
Heap corruption in Google Chrome for iOS prior to 149.0.7827.53 allows remote attackers to potentially execute arbitrary code by luring a user to a crafted HTML page that triggers a use-after-free condition. Google has rated this as High severity and a vendor patch is available, though no public exploit has been identified at time of analysis. The CVSS 8.8 score reflects network-reachable exploitation with low complexity but requires user interaction (visiting a malicious page).
Heap corruption in Google Chrome on iOS before version 149.0.7827.53 enables remote attackers to potentially execute arbitrary code by enticing a user to interact with a malicious HTML page that triggers a use-after-free in the Autofill component. Chromium rates the underlying flaw as High severity, and while a vendor patch is available, no public exploit has been identified at time of analysis and EPSS remains very low at 0.03%.
Remote code execution in Google Chrome prior to 149.0.7827.53 allows a remote attacker to trigger a use-after-free condition in the WebRTC component by enticing a victim to visit a crafted HTML page, resulting in arbitrary code execution within the renderer sandbox. Google rated this as High severity and a vendor patch is available; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component, enabling a remote attacker to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. Google rates the underlying Chromium severity as High, and the CVSS 3.1 score of 8.8 reflects network-reachable, low-complexity exploitation requiring only user interaction (visiting a page). No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
Sandboxed arbitrary code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the browser's PDF component, exploitable when a remote attacker convinces a user to perform specific UI gestures after loading a crafted PDF. Chromium rates the severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and CISA SSVC marks exploitation status as none.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component that allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page. Exploitation requires user interaction (UI:R) such as visiting a malicious site, and while no public exploit has been identified at time of analysis, Google rates the underlying Chromium severity as High and a vendor patch is available.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page that triggers a use-after-free in the WebRTC component. The flaw carries a CVSS 3.1 score of 8.8 (High) and Chromium rates the security severity as High; no public exploit has been identified at time of analysis and the issue is not currently listed in CISA KEV.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who already controls the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a use-after-free in the Autofill component. Chromium rates the severity High and a vendor patch is available; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Sandbox escape in Google Chrome on Windows before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out via a use-after-free in the Audio component when a victim loads a crafted HTML page. Chromium rates the issue High severity and Google has shipped a stable-channel fix, but no public exploit identified at time of analysis and the bug is not listed in CISA KEV.
Heap corruption in Google Chrome on Android before 149.0.7827.53 enables remote attackers to exploit a use-after-free condition in the browser's UI component through a malicious web page. The flaw carries a CVSS 8.8 (High) rating and requires user interaction (visiting a crafted page), with no public exploit identified at time of analysis. Google rates the underlying Chromium severity as High, and a vendor patch is available in the stable channel update.
Sandbox escape in Google Chrome's FileSystem component prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page that triggers a use-after-free condition. Successful exploitation requires the victim to interact with attacker-controlled web content, but yields a scope change from the constrained renderer process to higher-privileged host context. EPSS is currently low (0.03%) and no public exploit has been identified at time of analysis, though Google rates the underlying Chromium severity as High.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows an attacker on the same local network segment (adjacent network) to execute arbitrary code by sending malicious traffic to the browser's Cast component. The flaw stems from a use-after-free memory corruption issue in the Cast feature (used for media streaming to devices like Chromecast) and is rated High severity by Chromium with a CVSS score of 8.8. No public exploit identified at time of analysis, though a vendor patch has been released.
Arbitrary code execution in Google Chrome for Android prior to 149.0.7827.53 stems from a use-after-free flaw in the WebAppInstalls component, triggered when a victim opens a malicious file. Although the CVSS vector lists a network attack vector with high impact across confidentiality, integrity, and availability, exploitation requires user interaction and no public exploit identified at time of analysis. EPSS probability is very low (0.01%) and SSVC indicates no observed exploitation, suggesting the immediate threat is limited despite the High severity rating from Chromium.
Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High severity by Chromium and CVSS 8.3, and while no public exploit is identified at time of analysis, sandbox escapes in ANGLE have historically been chained with renderer RCE bugs to achieve full system compromise.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free flaw in the Viz compositor component. Exploitation requires a crafted HTML page and victim interaction, and Google has rated the underlying Chromium security severity as High. No public exploit has been identified at time of analysis, but this class of bug is historically chained with renderer RCE bugs to achieve full browser compromise.
Sandbox escape in Google Chrome on iOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free in the Core component rated High severity by Chromium, and no public exploit identified at time of analysis. Exploitation requires user interaction (visiting a malicious page) and chaining with a prior renderer compromise, raising the practical bar despite the 8.3 CVSS score.
Remote code execution in Google Chrome's ANGLE graphics layer on Windows prior to version 149.0.7827.53 allows attackers to execute arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) memory corruption issue rated High severity by Chromium, requires user interaction to trigger, and no public exploit has been identified at time of analysis.
Remote code execution in Google Chrome on Windows (versions prior to 149.0.7827.53) is possible through a use-after-free vulnerability in the ANGLE graphics translation layer, triggered when a victim visits a crafted HTML page. Successful exploitation yields arbitrary code execution constrained to the Chrome renderer sandbox, with Chromium rating the severity as High and CVSS scored at 8.8. There is no public exploit identified at time of analysis and CISA SSVC marks exploitation status as none, but the bug class (UAF in GPU translation) is historically a popular target for chained sandbox escapes.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free flaw in the Dawn WebGPU implementation. Exploitation requires luring a victim to a crafted HTML page and chaining this bug with a prior renderer compromise, but the impact is full sandbox escape with high confidentiality, integrity, and availability consequences. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free condition in the FullScreen component. Rated High severity by Chromium with a CVSS of 8.3, the flaw requires user interaction and high attack complexity, and no public exploit identified at time of analysis. The vendor has issued a stable channel update addressing the issue.
Heap corruption in Google Chrome's WebAuthentication component prior to version 149.0.7827.53 allows remote attackers to potentially execute arbitrary code through a crafted HTML page combined with user interaction. The flaw is a use-after-free (CWE-416) rated High severity by Chromium and carries a CVSS 7.5 score, though exploitation requires specific UI gestures from the victim. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free in the Network component, triggered by a crafted HTML page. Chromium rates the severity as High and a vendor patch is available; no public exploit identified at time of analysis.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component that lets a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rates the underlying Chromium issue as High severity, and no public exploit is identified at time of analysis, though publicly available patch metadata and Chromium bug tracker entries (issue 503422316) confirm the fix.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Ozone graphics abstraction layer, rated Critical by Chromium's internal severity classification. Remote attackers can trigger arbitrary code execution within the browser's rendering context by enticing a victim to visit a crafted HTML page. There is no public exploit identified at time of analysis, and CISA SSVC scoring indicates no observed exploitation, though the technical impact is rated total.
Remote code execution in Google Chrome on macOS prior to version 149.0.7827.53 stems from a use-after-free condition in the Passwords component, allowing a remote attacker to execute arbitrary code if a victim is convinced to perform specific UI gestures on a crafted HTML page. Chromium rates the underlying severity as Critical, though CVSS scores it 7.5 due to high attack complexity and required user interaction. There is no public exploit identified at time of analysis and SSVC indicates exploitation status is none.
Remote heap corruption in Google Chrome on macOS prior to 149.0.7827.53 stems from a use-after-free in the Passwords component, letting a remote attacker who lures a user into specific UI interactions trigger memory corruption via a crafted HTML page. Chromium rates the underlying flaw Critical and a vendor patch is available, though no public exploit has been identified at time of analysis and active exploitation has not been confirmed by CISA KEV.
Heap corruption in Google Chrome's Ozone display layer on Linux versions prior to 149.0.7827.53 allows remote attackers to potentially achieve code execution by enticing a user to perform specific UI gestures on a crafted HTML page. Chromium rates the underlying issue as Critical severity, and no public exploit has been identified at time of analysis. The defect is a use-after-free (CWE-416) reachable from the renderer's interaction with the Linux display abstraction.
Remote code execution in Google Chrome for iOS prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code by enticing a user to visit a crafted HTML page. Chromium rates the underlying use-after-free as Critical severity, though SSVC currently shows no observed exploitation and no public exploit identified at time of analysis. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability, tempered by a required user interaction (visiting the malicious page).
Remote code execution in Google Chrome's Ozone display server layer affects all desktop versions prior to 149.0.7827.53, where a use-after-free memory corruption flaw can be triggered by a crafted HTML page. Chromium-internal severity is rated Critical and the CVSS 3.1 score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires user interaction (visiting an attacker-controlled page). No public exploit has been identified at time of analysis, and CISA SSVC currently lists Exploitation as 'none'.
Sandbox escape in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a use-after-free in the Printing component. Google rates the underlying Chromium issue as Critical severity, and no public exploit is identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack and the scope change that results when sandbox boundaries are crossed.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component, which Google rated Critical internally. A remote attacker can deliver malicious network traffic to a user with an active Chromoting session and execute arbitrary code in the browser context, though user interaction is required per the CVSS vector. No public exploit identified at time of analysis, and EPSS probability is very low (0.04%).
Heap corruption in Google Chrome's GFX component on Linux prior to version 149.0.7827.53 allows remote attackers to potentially achieve code execution when a victim visits a crafted HTML page. Google rates the underlying Chromium issue as Critical severity, and a vendor patch is available; no public exploit identified at time of analysis.
Heap corruption in Google Chrome's Cast component prior to version 149.0.7827.53 allows adjacent-network attackers to trigger a use-after-free condition through crafted network traffic, potentially leading to arbitrary code execution within the renderer. Chromium rates the underlying severity as Critical, and no public exploit identified at time of analysis, though the AV:A vector means any attacker sharing the victim's LAN or Wi-Fi segment can attempt exploitation without authentication or user interaction.
Remote code execution in Google Chrome's Cast Streaming component (versions prior to 149.0.7827.53) allows an attacker on the same local network segment to execute arbitrary code by sending malicious network traffic to a vulnerable browser. The flaw is rated Critical by the Chromium project and carries a CVSS 3.1 score of 8.8, with no public exploit identified at time of analysis.
Remote code execution in Google Chrome on macOS prior to 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component, allowing remote attackers to execute arbitrary code by delivering malicious network traffic. Google's Chromium team rates the underlying defect as Critical severity, and no public exploit has been identified at time of analysis, though the bug class historically attracts in-the-wild exploitation against browser users.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to exploit a use-after-free condition in the FileSystem component via a crafted HTML page, with user interaction required. Google has rated the underlying Chromium issue as Critical severity, and a vendor patch is available; no public exploit identified at time of analysis, though the high CVSS score (9.6) and scope-changed impact warrant rapid patching.
Remote code execution in Google Chrome for iOS versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code by luring a victim to a crafted HTML page that triggers a use-after-free condition. The flaw is rated Critical by Chromium and carries a CVSS 8.8 score, and while no public exploit is identified at time of analysis, the user-interaction-only barrier (visiting a page) makes drive-by exploitation a realistic concern for unpatched iOS Chrome users.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting a use-after-free flaw in the Chromecast component. Google classifies the underlying issue as Critical severity, and no public exploit has been identified at time of analysis. The bug requires chaining with a separate renderer compromise, which lowers standalone exploitability but makes it valuable as the second stage of a full browser exploit chain.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Network component, allowing a remote attacker to execute arbitrary code within the renderer process when a user visits a crafted HTML page. Google rated this issue Critical at the Chromium level, and a vendor patch is available; no public exploit identified at time of analysis.
Use-after-free in libexpat before 2.8.2 allows memory corruption, information disclosure, and potential code execution when prohibited API functions are called from within XML event handler callbacks. All libexpat consumers - including language bindings such as CPython's xml.parsers.expat - are affected when handler code (or attacker-influenced handler logic) invokes XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset in a re-entrant manner during active parsing. No public exploit code exists at time of analysis and this CVE is not listed in the CISA Known Exploited Vulnerabilities catalog, but the CPython project has an associated open issue (python/cpython#146169) indicating ecosystem-wide reach.
Heap information disclosure in HTML::Entities for Perl (versions before 3.84) allows remote attackers to leak adjacent heap memory contents when decoding entities. The XS routine _decode_entities retains a stale pointer into a hash value SV after grow_gap() reallocates the buffer, causing a use-after-free read that copies freed heap bytes into the output scalar. No public exploit identified at time of analysis and EPSS is very low (0.02%), but the upstream fix is confirmed via GH PR #56.
Use-after-free race condition in OP-TEE OS versions 3.16.0 through 4.10.x enables local low-privileged attackers to corrupt memory within the secure world when OP-TEE is built as an FF-A Secure Partition Manager Core (SPMC) for S-EL0 Secure Partitions. The flaw stems from missing lock acquisition in sp_mem_remove() during shared-memory teardown, allowing concurrent threads to dereference freed sp_mem_map_region or sp_mem_receiver objects. No public exploit identified at time of analysis, but successful exploitation yields high confidentiality, integrity, and availability impact inside the Trusted Execution Environment.
Use-after-free in the Linux kernel's rt9455 power supply driver allows local attackers to trigger memory corruption or system crashes via a race condition during driver probe or removal. The flaw stems from incorrect ordering of devm_-managed resource allocation, where the IRQ handler can fire against a freed or uninitialized power_supply handle. EPSS is very low (0.02%, 7th percentile) and no public exploit is identified at time of analysis, but the CVSS score of 8.4 reflects high impact on confidentiality, integrity, and availability for systems shipping the rt9455 Richtek battery charger driver.
Use-after-free in the Linux kernel NFC HCI SHDLC subsystem allows local low-privileged attackers to corrupt memory and potentially escalate privileges by triggering teardown races against active timers and queued work items. The flaw exists because llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc structure while timers and the sm_work state-machine handler may still execute concurrently. EPSS is very low (0.02%) and no public exploit identified at time of analysis, but the high-impact CVSS (7.8) reflects full CIA compromise on successful exploitation.
Local privilege escalation potential exists in the Linux kernel's Intel Xe DRM driver (drm/xe/pf) due to a sysfs initialization ordering bug in SR-IOV Physical Function setup, where a failed devm_add_action_or_reset() call invokes kobject_put() on an uninitialized kobject, triggering refcount underflow and use-after-free conditions. The flaw affects Linux kernel 6.19 prior to the 6.19.4 stable patch and has been resolved upstream; no public exploit identified at time of analysis and EPSS rates exploitation probability at only 0.02%.
Use-after-free in the Linux kernel's pm8916_lbc power supply driver allows a local attacker to potentially trigger memory corruption or kernel crashes during device removal. The flaw stems from incorrect ordering of devm_-managed resources: the extcon handle is freed before the IRQ is unregistered, leaving a window where the IRQ handler invokes extcon_set_state_sync() on freed memory. No public exploit identified at time of analysis, and EPSS rates exploitation probability at 0.02% (5th percentile), reflecting low real-world attacker interest in this driver-specific race.
Use-after-free in OpENer's EtherNet/IP stack (versions up to 2.3.0) exposes industrial control system deployments to remote memory corruption via the CIP SendRRData handler. A low-privileged network attacker can manipulate the `CreateMessageRouterRequestStructure` function in `cipmessagerouter.c` to access freed memory, leading to denial of service, memory corruption, or potentially arbitrary code execution. A public proof-of-concept exploit has been disclosed, and the maintainer has not responded to the coordinated disclosure issue (#566), meaning no patch is available at time of analysis.
Heap use-after-free in GPAC MP4Box's dasher filter allows local attackers to crash the application by supplying a crafted MPEG-2 file. The flaw exists in dasher_configure_pid within src/filters/dasher.c, where a freed GF_DashStream object can still be referenced via muxed_base pointers held by other stream structures, resulting in a dangling pointer dereference. Impact is limited to Denial of Service (A:H, C:N, I:N); a publicly available proof-of-concept confirms reproducibility, though no confirmed active exploitation (CISA KEV) has been identified at time of analysis.
Use-after-free in Assimp's ASE File Parser - specifically the `aiNode::~aiNode` destructor in `scene.cpp` - allows a local, low-privileged attacker to corrupt heap memory, potentially causing denial of service or achieving arbitrary code execution in applications that load 3D model files. All Assimp versions through 6.0.4 are affected. A public proof-of-concept exploit (poc.zip) has been disclosed via GitHub, reducing the skill barrier for exploitation in environments where untrusted ASE-format files can be submitted for processing. No public exploit identified as confirmed actively exploited (CISA KEV) at time of analysis.
Local privilege escalation in the Linux kernel eventpoll (epoll) subsystem stems from a use-after-free in ep_remove() where file->f_ep is cleared but the file pointer continues to be used inside the f_lock critical section, allowing a concurrent __fput() to free the underlying struct eventpoll and struct file. Successful exploitation yields an attacker-controllable kmem_cache_free() against the wrong slab cache, enabling memory corruption that can lead to high-integrity, high-confidentiality, and high-availability impact (CVSS 7.8). EPSS is very low (0.02%), no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Heap use-after-free/double-free in the FreeRDP RDP client (versions prior to 3.26.0) lets a malicious or compromised RDP server corrupt client memory through the RDPEAR authentication-redirection path. The flaw stems from the RDPEAR NDR parser reusing a single non-null pointer ref-id across multiple logical fields, causing the same heap object to be assigned to two outputs and freed twice by the generic destructor. There is no public exploit beyond a proof-of-concept (SSVC: poc), and EPSS exploitation probability is very low (0.05%), but the SSVC technical impact is rated total and a vendor fix is available.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code inside the browser's renderer sandbox through a crafted HTML page that triggers a use-after-free condition in the DOM implementation. The flaw, rated High severity by Chromium and carrying a CVSS 8.8 score, requires only that a victim visit a malicious or compromised webpage, making it well-suited for drive-by attacks despite no public exploit identified at time of analysis.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the WebMIDI component. Chromium rates the severity High, and a vendor patch is available; no public exploit is identified at time of analysis and EPSS is very low at 0.03%.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the WebCodecs component, allowing a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a malicious HTML page. The issue is rated High severity by Chromium with a CVSS 3.1 score of 8.8, and a vendor patch is available, though no public exploit has been identified at time of analysis and the CVE is not currently listed in CISA KEV. Successful exploitation requires user interaction (visiting a crafted page), and code execution is constrained to the Chrome sandbox unless chained with a sandbox-escape bug.
Sandbox escape in Google Chrome's Skia graphics library prior to version 148.0.7778.216 allows remote attackers who have already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High by Chromium, with a patch shipped through the Stable channel and no public exploit identified at time of analysis. EPSS probability is very low (0.03%) and the CVE is not on the CISA KEV list, indicating no observed in-the-wild exploitation despite the serious technical impact.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the SVG rendering component, allowing remote attackers to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. Rated High severity by the Chromium project with a CVSS score of 8.8, the issue requires user interaction (visiting a malicious page) but no authentication. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Remote code execution in Google Chrome on macOS prior to 148.0.7778.216 stems from a use-after-free condition in the WebAppInstalls component, enabling a remote attacker to execute arbitrary code in the renderer context when a victim is lured to a malicious page and performs specific UI gestures. Chromium rates the severity as High, and while no public exploit identified at time of analysis, the bug class (UAF) is historically a favored target for Chrome exploit chains. The high attack complexity and required user interaction lower the practical exploitability compared to one-click bugs.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the Views UI component, allowing a remote attacker to execute arbitrary code if they can convince a user to perform specific UI gestures on a crafted HTML page. Chromium rates this as High severity and a vendor patch is available, but no public exploit has been identified at time of analysis.
Heap corruption in Google Chrome's PDFium component (versions prior to 148.0.7778.216) allows a remote attacker to potentially achieve code execution by tricking a user into opening a crafted PDF file. The flaw is a use-after-free condition rated High severity by Chromium, with no public exploit identified at time of analysis and a low EPSS score (0.03%) suggesting limited near-term mass exploitation despite a CVSS of 8.8. A vendor patch has been released via the Chrome Stable channel update.