Skip to main content

Use After Free

memory HIGH

Use-after-free vulnerabilities occur when a program continues to access memory through a pointer after that memory has been deallocated.

How It Works

Use-after-free vulnerabilities occur when a program continues to access memory through a pointer after that memory has been deallocated. When memory is freed, it returns to the allocator's pool and may be reallocated for an entirely different purpose. The original pointer becomes "dangling"—it still points to that memory location, but the contents are now undefined or controlled by different code.

Attackers exploit this by orchestrating a three-step process: first, trigger the memory deallocation; second, cause the allocator to reassign that same memory region with attacker-controlled data (often through carefully timed allocations); third, trigger the program to dereference the dangling pointer. Because the memory now contains attacker data instead of the expected object, this can corrupt function pointers, vtables, or other critical structures.

The vulnerability is particularly dangerous in object-oriented code where freed objects contain function pointers or virtual method tables. When the program calls a method on the freed object, it may jump to attacker-controlled addresses. Browser engines are frequent targets because DOM manipulation allows attackers to control object allocation and deallocation timing through JavaScript, while kernel UAFs enable privilege escalation by manipulating file descriptors or process structures.

Impact

  • Arbitrary code execution — attacker overwrites function pointers or vtables to redirect program flow to malicious code
  • Privilege escalation — in kernel UAFs, gain root/system privileges by corrupting process credentials or security tokens
  • Information disclosure — read sensitive data from reallocated memory that wasn't properly cleared
  • Sandbox escape — break out of browser or application sandboxes by corrupting security-critical objects
  • Denial of service — crash the application through memory corruption, though attackers typically aim for exploitation rather than simple crashes

Real-World Examples

CVE-2021-30551 affected Chrome's V8 JavaScript engine, where improper handling of JavaScript typed arrays created a use-after-free in object property management. Attackers could trigger object deletion while retaining references, then reallocate the memory with controlled data to achieve code execution within the renderer process.

Windows kernel vulnerabilities like CVE-2020-17087 involved use-after-free conditions in the Windows keyboard layout handling code. Attackers exploited race conditions in keyboard layout switching to free kernel objects while retaining references, then reallocated the memory with controlled structures to elevate privileges from user to SYSTEM level.

The WhatsApp vulnerability CVE-2019-11932 demonstrated UAF exploitation in media parsing code, where specially crafted GIF files triggered premature memory deallocation. Subsequent access to the freed buffers allowed remote code execution without user interaction beyond receiving the malicious file.

Mitigation

  • Memory-safe languages — use Rust, Go, Swift, or other languages with automatic memory management
  • Smart pointers — employ RAII patterns and reference counting (unique_ptr, shared_ptr in C++)
  • AddressSanitizer (ASAN) — detect UAF during testing through instrumented builds
  • Immediate pointer nullification — set pointers to NULL after free() to cause immediate crashes rather than exploitable conditions
  • Garbage collection — languages with GC prevent manual memory management errors
  • Control Flow Integrity (CFI) — limits exploit impact by validating function pointer targets
  • Heap hardening — allocator metadata protection and delayed reuse policies increase exploitation difficulty

Recent CVEs (6128)

EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Ozone component on Linux before version 149.0.7827.103 allows remote attackers to potentially achieve arbitrary code execution within the browser process when a victim visits a crafted HTML page. The flaw is a use-after-free rated High severity by Chromium, with CVSS 8.8 reflecting network-reachable exploitation requiring only minimal user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 allows attackers to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page, triggering a use-after-free condition in the Media component. The flaw carries a CVSS 8.8 (High) rating and is tagged by Chromium as High severity. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Google Memory Corruption RCE +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. Google rates this Chromium security severity as High, and a vendor patch is available; no public exploit was identified at time of analysis, though the scope-changed CVSS 8.3 reflects the cross-boundary impact of breaching the sandbox.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Guest View component prior to version 149.0.7827.103 allows attackers to execute arbitrary code within the renderer sandbox by luring users to a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium with a CVSS of 8.8, and while no public exploit has been identified at time of analysis, Google has shipped a patched stable channel build. Exploitation requires user interaction (visiting a malicious page) and code execution is confined to the sandbox, meaning a sandbox escape would be needed for full host compromise.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the InterestGroups component, enabling a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page. The vulnerability carries a CVSS 8.8 (High) score and is rated High severity by Chromium, but no public exploit identified at time of analysis and SSVC indicates exploitation status of none. Attack requires user interaction (visiting a malicious page) but no authentication.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome before 149.0.7827.103 allows a remote attacker to break out of the renderer sandbox through a use-after-free in the Navigation component when a victim visits a crafted HTML page. The CVSS 9.6 score reflects a scope-changing impact on confidentiality, integrity, and availability with only user interaction (visiting a page) required, and no public exploit was identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the PDF component, enabling a remote attacker who lures a user into opening a crafted PDF to execute arbitrary code within the renderer sandbox. Rated High by Chromium with CVSS 8.8, the issue requires user interaction but no authentication, and currently has no public exploit identified at time of analysis.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Payments component before 149.0.7827.103 allows remote attackers to exploit a use-after-free condition by enticing a victim to visit a crafted HTML page, potentially achieving arbitrary code execution within the renderer sandbox. Chromium rates the severity as High, and CVSS 8.8 reflects network-reachable exploitation with low complexity, though successful exploitation requires user interaction (visiting an attacker-controlled page). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a use-after-free in the Skia graphics library. The flaw is rated High severity by Chromium and carries a CVSS 8.3, but exploitation requires both a prior renderer compromise and user interaction with a crafted HTML page. No public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Views component, triggered through a crafted HTML page. Google rates this Chromium security severity High and a vendor patch is available; no public exploit identified at time of analysis and the bug is not currently listed in CISA KEV.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 stems from a use-after-free flaw in the Payments component, allowing a remote attacker to run arbitrary code in the renderer process via a crafted HTML page. The issue carries a CVSS 8.8 (High) rating and was reported through Google's internal Chrome security process; no public exploit identified at time of analysis. Exploitation requires the victim to load attacker-controlled web content (UI:R), but no authentication or special privileges are needed.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the ServiceWorker component, allowing an attacker to break out of Chrome's renderer sandbox through a crafted malicious extension. The flaw is rated Chromium severity High with CVSS 8.3 and no public exploit identified at time of analysis, but the scope-change (S:C) and full CIA impact mean a successful escape grants meaningful control over the host browser process. Exploitation requires the victim to install the attacker's extension, which constrains opportunistic mass exploitation but is realistic against targeted users.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for Mac (versions prior to 149.0.7827.103) stems from a use-after-free condition in the CameraCapture component, enabling a remote attacker to break out of the renderer sandbox via a crafted HTML page. With a CVSS of 9.6 (scope-changed, high impact across CIA) and an upstream fix released by Google, the bug carries high severity but requires user interaction to load the malicious page; no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox through a use-after-free flaw in the Extensions component, triggered via a crafted HTML page. Google rates the underlying Chromium severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and the issue is not listed in CISA KEV. The vulnerability is meaningful as the second stage in a multi-bug renderer-to-system exploit chain rather than as a single-shot drive-by.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Remote code execution in Google Chrome's Network component before version 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) classified High severity by Chromium with a CVSS 9.6 due to scope change and user-interaction prerequisite. No public exploit identified at time of analysis, but a vendor patch is already shipped via the Stable channel update.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium and carries a CVSS 8.8 score; no public exploit identified at time of analysis, but V8 UAF bugs are historically high-value targets for exploit chains.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.103 allows attackers to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium, with a CVSS 8.8 score reflecting low attack complexity but requiring user interaction. No public exploit identified at time of analysis, though V8 use-after-frees historically attract rapid weaponization for browser exploit chains.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption via use-after-free in Google Chrome's FullScreen component on Windows prior to 149.0.7827.103 enables remote attackers to potentially achieve code execution when a victim visits a malicious HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis. The CVSS 8.8 score reflects the network-reachable, low-complexity nature of the bug, tempered by required user interaction (UI:R).

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Printing component. Google rates this High severity, and a vendor patch is available, but no public exploit identified at time of analysis and the vulnerability requires chaining with a separate renderer compromise plus user interaction with a print flow.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the ViewTransitions component, allowing a remote attacker to execute arbitrary code within the browser's renderer sandbox by serving a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use-after-free in the Views component of Google Chrome on Linux prior to 149.0.7827.103 allows remote attackers to execute arbitrary code by tricking a user into installing a crafted malicious extension. Chromium rates the underlying flaw Critical, though the NVD CVSS score of 7.5 reflects the high attack complexity and required user interaction. No public exploit identified at time of analysis.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the Proxy component, enabling remote attackers to execute arbitrary code by delivering malicious network traffic. Chromium has rated this issue Critical severity, and while no public exploit is identified at the time of analysis, the network-reachable nature of the Proxy subsystem and Chrome's massive deployment footprint make this a high-priority browser patch. The CVSS 8.1 score reflects high attack complexity offset by no required privileges or user interaction.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting a use-after-free in Web Apps. Chromium rates the severity as Critical, and a vendor patch is available, though no public exploit has been identified at time of analysis. This is a second-stage vulnerability typically chained with a renderer RCE to achieve full browser compromise.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 can be triggered via a use-after-free flaw in the Bluetooth component, allowing a remote attacker to execute arbitrary code when a victim visits a crafted HTML page and performs specific UI gestures. Chromium rates the severity as Critical, though the CVSS 3.1 score of 7.5 reflects high attack complexity and required user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Google Memory Corruption RCE +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 allows a remote attacker to exploit a use-after-free flaw in the Compositing component via a crafted HTML page. Google has rated the underlying Chromium security severity as Critical, and no public exploit identified at time of analysis, though the bug is patched in the latest stable channel. Successful exploitation requires user interaction (visiting a malicious page) and high attack complexity, which moderates real-world risk despite the high impact.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables remote attackers to break out of the browser's renderer sandbox via a crafted HTML page that triggers a use-after-free in the Printing component. Chromium rated this issue Critical severity, and the CVSS scope change (S:C) confirms the sandbox boundary is crossed; no public exploit identified at time of analysis, but the attack only requires the victim to load attacker-controlled content.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 stems from a use-after-free flaw in the Views UI component, enabling a remote attacker to run arbitrary code when a victim visits a crafted HTML page. Google rates the underlying Chromium severity as Critical, and a vendor patch is available; no public exploit identified at time of analysis. The CVSS 8.8 score reflects network-reachable exploitation with low complexity but requiring user interaction (visiting the malicious page).

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap corruption in Google Chrome's Autofill component on Windows versions prior to 149.0.7827.103 allows remote attackers to potentially achieve code execution by luring users to a malicious HTML page and convincing them to perform specific UI interactions. Chromium rates the underlying flaw as Critical severity, though CVSS scores it 7.5 due to required user interaction and high attack complexity. No public exploit identified at time of analysis.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free flaw in the Bluetooth component, triggered by a crafted HTML page. Chromium rates the severity as Critical, and a vendor patch is available; no public exploit has been identified at time of analysis, though the bug is tracked in the Chromium issue tracker (516987814).

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows remote attackers to exploit a use-after-free flaw in the Gamepad component via a crafted HTML page, requiring only that a victim visit a malicious site. Chromium rates this Critical severity and the CVSS score of 9.6 reflects scope change (sandbox escape) with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, but the bug class and Critical Chromium rating make it a high-priority browser patch.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to 149.0.7827.103 stems from a use-after-free condition in the browser's Bluetooth subsystem, rated Critical by Chromium's internal severity scale and CVSS 8.8 by NVD. A remote attacker operating a malicious Bluetooth peripheral can trigger memory corruption to execute arbitrary code in the browser process after the victim performs minimal interaction. No public exploit identified at time of analysis, though Google has released a patched Stable channel build addressing the flaw.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the TabStrip UI component, allowing remote attackers to execute arbitrary code when victims interact with a malicious HTML page via specific UI gestures. Google rates the Chromium severity as Critical, and a vendor-released patch is available; no public exploit has been identified at time of analysis. The high attack complexity (AC:H) and required user interaction (UI:R) constrain mass exploitation despite the severe technical impact.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Aura UI framework. Google rates the underlying Chromium issue as Critical severity, though exploitation requires a prior renderer compromise and user interaction (visiting a malicious page). No public exploit has been identified at time of analysis and the CVE is not listed in CISA KEV.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's File Input component before version 149.0.7827.103 allows a remote attacker to exploit a use-after-free condition by luring a user to a crafted HTML page, with Chromium rating the issue Critical. No public exploit identified at time of analysis, but the high CVSS 8.8 score and browser attack surface make this a priority patch for desktop fleets.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Ozone display server component prior to version 149.0.7827.103 allows remote attackers to exploit a use-after-free condition through a malicious web page, with Chromium rating this as Critical severity. Successful exploitation requires the victim to visit attacker-controlled HTML content, but yields high impact on confidentiality, integrity, and availability in the renderer process. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Heap corruption via use-after-free in Chrome's Ozone display subsystem (versions prior to 149.0.7827.103) enables a local attacker with physical device access to achieve high-impact compromise across confidentiality, integrity, and availability. The CVSS vector (AV:P/AC:L/PR:N/UI:N) confirms physical presence is the primary prerequisite, with no authentication or user interaction required once access is obtained. No public exploit code or CISA KEV listing has been identified at time of analysis; a vendor-released patch is available in Chrome 149.0.7827.103.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation and memory corruption in the Linux kernel's MediaTek power-domain (pmdomain) driver stems from a use-after-free in scpsys_get_bus_protection_legacy(), where a device node is released via of_node_put() before the error path dereferences it in dev_err_probe(). Affecting kernels using the MediaTek SCPSYS legacy bus-protection code path (typically ARM/ARM64 MediaTek SoC platforms), a local low-privileged attacker able to influence the probe error path could corrupt freed kernel memory, with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.02%, 4th percentile).

Memory Corruption Mediatek Linux +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation and memory corruption in the Linux kernel's topcliff-pch (pch_spi) SPI master driver arises from a use-after-free triggered when the driver is unbound, because DMA buffers are released before the driver's transfer queue is flushed. An attacker with the ability to unbind the device can cause the freed DMA buffers to be accessed by in-flight SPI transfers, yielding CWE-416 memory corruption with high confidentiality, integrity, and availability impact (CVSS 7.8). There is no public exploit identified at time of analysis, and the EPSS probability is negligible (0.02%), consistent with an obscure, hardware-specific driver rather than a broadly exploitable flaw.

Memory Corruption Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Use-after-free in the Linux kernel's Open Firmware (OF) device-tree unit test code (of_unittest_changeset) allows reads of freed memory when the unit test path executes. The flaw lives in selftest code (drivers/of/unittest.c) reachable only when CONFIG_OF_UNITTEST is built in and the test runs, making real-world impact narrow. EPSS is 0.02% (5th percentile) and there is no public exploit identified at time of analysis; the bug has been fixed upstream and backported to stable trees.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local memory corruption in the Linux kernel's mtd/docg3 M-Systems DiskOnChip driver occurs when docg3_release() dereferences a docg3 pointer already freed by doc_release_device() (kfree at line 1881), a CWE-416 use-after-free reachable during device teardown. Only systems that load the docg3 driver for DiskOnChip G3 flash hardware are affected. There is no public exploit identified at time of analysis, EPSS is negligible (0.02%, 7th percentile), and the issue is not in CISA KEV; it has been fixed upstream across multiple stable branches.

Memory Corruption Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's HMM (Heterogeneous Memory Management) test driver (lib/test_hmm) allows local users to trigger a kernel panic and potentially escalate privileges when device private pages are faulted in after the dmirror file descriptor is closed. The flaw was discovered during arm64 selftest runs where a SIGABRT coredump walked stale VMAs and dereferenced a dangling zone_device_data pointer. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but the bug is fixed upstream across multiple stable trees.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Use-after-free in the mod_http2 module of Apache HTTP Server versions 2.4.55 through 2.4.67 allows remote attackers to trigger memory corruption when the server's file handle pool is exhausted. The flaw carries a CVSS 7.3 (low impact across confidentiality, integrity, and availability) and is reachable over the network without authentication or user interaction, though no public exploit identified at time of analysis. Tagging emphasizes denial-of-service and memory corruption as the primary realistic outcomes.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Apache HTTP Server versions 2.4.0 through 2.4.67 is possible through a use-after-free condition in mod_ldap when LDAP authentication or authorization is configured in a per-directory context. The CVSS 9.8 rating reflects unauthenticated network exploitation with high impact across confidentiality, integrity, and availability, though no public exploit has been identified at time of analysis and EPSS exploitation probability remains very low at 0.02%. CISA SSVC assesses exploitation status as none but flags the issue as automatable with total technical impact.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation via use-after-free in the Linux kernel io_uring io-wq worker subsystem allows an unprivileged local user to corrupt kernel memory and potentially execute arbitrary code in kernel context. The flaw lives in io_wq_remove_pending(), where a missing io_wq_is_hashed() check on the predecessor work item lets a non-hashed io_kiocb be recorded in wq->hash_tail[0]; after that request is freed back to req_cachep, the stale pointer is dereferenced on the next hashed bucket-0 enqueue. EPSS is very low (0.02%) and no public exploit identified at time of analysis, but the bug is reachable from any process that can issue io_uring syscalls.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Use-after-free read in X.Org X server and Xwayland's CreateSaverWindow() function exposes heap memory to local authenticated users, resulting in information disclosure. A low-privileged local X client can manipulate window attributes and force screen saver activation to trigger a read from freed memory, leaking potentially sensitive heap contents (C:H/I:N/A:N). No public exploit identified at time of analysis, and this vulnerability is not listed in CISA KEV; however, an upstream fix commit has been published and a Red Hat advisory is available.

Information Disclosure Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in the X.Org X server and Xwayland arises from a use-after-free in SyncChangeCounter() that a local authenticated attacker can trigger by orchestrating two client connections - one creating multiple SyncCounters, the other destroying them while they are being changed. On systems where the X server still runs as root (common on legacy Linux setups), successful exploitation yields root code execution; at minimum it crashes the display server. No public exploit identified at time of analysis, but the bug is confirmed by Red Hat and a fix has landed upstream in xserver.

Use After Free Memory Corruption Privilege Escalation +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in the X.Org X server and Xwayland arises from a use-after-free in FreeCounter() when SyncCounter objects are destroyed across multiple client connections. Authenticated local attackers on affected Red Hat Enterprise Linux 6 through 10 systems can crash the server or escalate to root when the X server runs with elevated privileges. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Privilege Escalation +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in X.Org X server and Xwayland enables authenticated local users to trigger a use-after-free in miSyncDestroyFence() by racing two client connections against a shared fence object. Successful exploitation can crash the display server or escalate privileges to root when the X server runs as root, which remains common on legacy and embedded Linux deployments. No public exploit identified at time of analysis, but an upstream fix has been committed by the X.Org maintainers.

Use After Free Memory Corruption Privilege Escalation +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's PDFium component prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to open a crafted PDF file. The flaw is a use-after-free memory corruption issue (CWE-416) carrying a CVSS 8.8 rating, though Chromium rated its security severity as Low and no public exploit has been identified at time of analysis. User interaction is required, and code execution is constrained to the Chrome sandbox absent a chained sandbox escape.

Google Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the PDFium component, allowing a remote attacker to execute arbitrary code within the renderer sandbox by serving a crafted PDF file. While exploitation is constrained to the sandbox and requires user interaction (visiting a page or opening a PDF), the CVSS score of 8.8 reflects the high impact on confidentiality, integrity, and availability if combined with a sandbox escape. No public exploit identified at time of analysis, and CISA SSVC indicates exploitation status of 'none'.

Google Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's PDFium component prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted PDF file. The flaw is a use-after-free memory corruption issue (CWE-416) requiring user interaction to open or render the malicious PDF, and no public exploit identified at time of analysis. Chromium rates the security severity as Low despite the CVSS 8.8 score, reflecting the sandbox containment of the resulting code execution.

Google Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's PDFium component before version 149.0.7827.53 allows remote attackers to potentially execute arbitrary code by tricking a user into opening a crafted PDF file. The flaw is a use-after-free (CWE-416) carrying a CVSS 8.8 rating, though no public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.03% (11th percentile). Google rates the Chromium severity as Low despite the high CVSS, reflecting the requirement for user interaction and absence of observed exploitation.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the PDFium component that parses PDF documents. A remote attacker who lures a user into opening a crafted PDF can execute arbitrary code, though execution is contained within Chrome's renderer sandbox. No public exploit is identified at time of analysis, and SSVC indicates no observed exploitation.

Google Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a use-after-free flaw in the Input component when a victim visits a crafted HTML page. The CVSS score of 9.6 reflects the scope change inherent to sandbox escapes, though Chromium rated the underlying severity as Low and EPSS estimates exploitation probability at only 0.03%. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the TabStrip component, enabling a remote attacker who lures a victim to a crafted HTML page to corrupt memory and execute arbitrary code within the renderer context. Google rates the underlying Chromium severity as Low, but the CVSS base score of 8.8 reflects the potential impact when chained with a sandbox escape. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Google Memory Corruption RCE +5
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Information disclosure in Google Chrome DevTools prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to read potentially sensitive data from process memory by serving a crafted HTML page. The flaw stems from a use-after-free condition (CWE-416) in DevTools, and while Google rates the underlying Chromium severity as Low, the NVD CVSS of 9.6 reflects the cross-origin scope change possible when chained with a prior renderer compromise. No public exploit identified at time of analysis.

Information Disclosure Use After Free Memory Corruption +4
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Use-after-free in the Network component of Google Chrome prior to version 149.0.7827.53 enables an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by delivering a crafted HTML page. The Changed scope (S:C) in the CVSS vector confirms the vulnerability crosses security boundaries - specifically from the renderer sandbox into the Network process - making this a secondary exploitation step rather than an initial access vector. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog; Google has released a patched stable channel build.

Denial Of Service Use After Free Memory Corruption +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 149.0.7827.53 stems from a use-after-free flaw in the Extensions component, allowing a remote attacker who tricks a user into visiting a crafted HTML page to execute arbitrary code inside the browser's renderer sandbox. The issue is rated High by NVD (CVSS 8.8) despite Chromium's own Low severity tag, and no public exploit identified at time of analysis. A vendor patch is available via the June 2026 Stable Channel update.

Google Memory Corruption RCE +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Google Chrome on Linux versions prior to 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the Chromoting component via malicious network traffic. The flaw carries a CVSS 3.1 score of 8.1 (high) with no public exploit identified at time of analysis and an EPSS probability of 0.04%, though Google rates the Chromium severity as Low. The vendor has shipped a fix in the stable channel update for desktop.

Google Memory Corruption RCE +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory information disclosure in Google Chrome's Codecs component affects all desktop versions prior to 149.0.7827.53, enabling remote unauthenticated attackers to read potentially sensitive data from browser process memory when a user visits a specially crafted HTML page. The root cause is a use-after-free (CWE-416) in the media codec subsystem, yielding high confidentiality impact with no integrity or availability consequences per CVSS. EPSS is very low at 0.03% (11th percentile) and SSVC confirms no active exploitation, placing this firmly in the routine patch category despite its Medium severity score.

Denial Of Service Use After Free Memory Corruption +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free condition in the ServiceWorker component that can be triggered by a malicious browser extension. An attacker who convinces a user to install a crafted Chrome Extension can achieve arbitrary code execution within the renderer context. No public exploit has been identified at time of analysis and EPSS exploitation probability is very low at 0.01%, but the high CVSS score (8.8) reflects the severe potential impact.

Google Memory Corruption RCE +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Sandbox escape in Google Chrome for Android before 149.0.7827.53 lets a remote attacker exploit a use-after-free in the USB component by luring a victim to a crafted HTML page, potentially breaking out of the renderer sandbox. CVSS 8.8 reflects the high impact across confidentiality, integrity, and availability, though successful attack requires user interaction (visiting the page). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +4
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Arbitrary code execution within the Chrome renderer sandbox is possible in Google Chrome versions prior to 149.0.7827.53 due to a use-after-free defect in the V8 JavaScript engine. Exploitation requires social engineering a user into installing a malicious Chrome Extension, after which a crafted extension can trigger the memory corruption and run attacker-controlled code inside the sandboxed process. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Google Memory Corruption RCE +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Omnibox component prior to version 149.0.7827.53 allows remote attackers to potentially execute arbitrary code via a use-after-free condition triggered by a crafted HTML page combined with specific user interface gestures. The flaw carries a CVSS 8.8 (High) rating, though Chromium's internal triage assigned only Medium severity, and EPSS estimates exploitation probability at just 0.03%. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on iOS before 149.0.7827.53 can be triggered by a remote attacker who lures a user to a malicious HTML page that abuses a use-after-free condition in the WebMIDI subsystem. Successful exploitation breaks out of the renderer sandbox with high confidentiality, integrity, and availability impact, though no public exploit is identified at time of analysis and EPSS probability is very low (0.03%).

Google Memory Corruption Apple +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) tagged for RCE and DoS impact, and no public exploit has been identified at time of analysis. CISA SSVC currently lists exploitation as 'none' despite the high CVSS 8.8 score, indicating significant theoretical impact but no observed in-the-wild activity yet.

Google Memory Corruption RCE +5
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox via a use-after-free in the Messages component triggered by a crafted HTML page. The CVSS vector indicates a scope-changing impact requiring only user interaction (visiting a malicious page), and a vendor patch is available. No public exploit identified at time of analysis and EPSS is low (0.03%), but the sandbox-escape primitive makes this a high-priority browser update.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free in the Dawn WebGPU implementation, enabling a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. No public exploit identified at time of analysis, and EPSS probability is very low (0.03%), though Google has released a stable channel update addressing the flaw.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Dawn (WebGPU) component prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) object lifecycle bug; no public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.03% (11th percentile). Google rates the underlying Chromium severity as Medium, but the CVSS 3.1 score of 9.6 reflects the scope change inherent to a sandbox escape.

Information Disclosure Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code within the browser sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the WebML component. Although Chromium rates the severity as Medium, the CVSS 3.1 base score is 8.8 (High), reflecting high impact across confidentiality, integrity, and availability with low attack complexity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Google Memory Corruption RCE +6
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Media component prior to version 149.0.7827.53 allows a remote attacker to trigger a use-after-free via a crafted video file, achieving arbitrary code execution within the renderer sandbox. The flaw requires user interaction (UI:R) such as visiting a malicious page or opening a hostile video, and no public exploit identified at time of analysis. EPSS is very low (0.04%, 12th percentile), but the network-reachable RCE primitive and broad Chrome install base make timely patching essential.

Google Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows attackers to execute arbitrary code within the renderer sandbox through a use-after-free flaw in the Canvas component. Exploitation requires a victim to visit a crafted HTML page, and no public exploit has been identified at time of analysis. Google rates this as Medium severity internally despite the CVSS 8.8 score, reflecting the sandbox containment limit.

Google Memory Corruption RCE +5
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free bug in the Autofill component. Exploitation requires a victim to load a crafted HTML page and the attacker to already control the renderer, making this a second-stage primitive rather than a single-shot RCE. No public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), but the high CVSS reflects the impact of full sandbox escape on a mobile platform.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Media component, allowing a remote attacker who can lure a victim to a crafted HTML page to execute arbitrary code within the renderer sandbox. The high CVSS score of 8.8 reflects the severe impact triad (C:H/I:H/A:H), though exploitation requires user interaction (UI:R) and code execution is contained within Chrome's sandbox boundary. There is no public exploit identified at time of analysis, and SSVC indicates no observed exploitation.

Google Memory Corruption RCE +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the Compositing component. The flaw carries a CVSS 8.8 rating and is tagged as RCE/DoS/memory corruption, though no public exploit identified at time of analysis and Google rates the security severity as Medium. Exploitation is constrained to in-sandbox code execution and requires user interaction (visiting the malicious page).

Google Memory Corruption RCE +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's WebRTC component prior to 149.0.7827.53 allows remote attackers to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free memory corruption issue rated CVSS 8.8 with high impact across confidentiality, integrity, and availability, though execution remains confined to the sandbox and no public exploit identified at time of analysis.

Google Memory Corruption RCE +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the Views component via a crafted HTML page. The flaw carries a CVSS 3.1 score of 8.8 with network attack vector and requires user interaction (visiting a malicious page), and no public exploit has been identified at time of analysis despite Google's vendor patch being released.

Google Memory Corruption RCE +6
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 is possible through a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component, triggered by malicious network traffic targeting a victim's session. The CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability, though successful exploitation requires user interaction. No public exploit has been identified at time of analysis and EPSS exploitation probability is very low at 0.04%.

Google Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in Google Chrome on Windows prior to 149.0.7827.53 stems from a use-after-free condition in the Updater component, allowing a local attacker who can place a malicious file to elevate to OS-level privileges. The flaw was reported by Google's Chrome security team with no public exploit identified at time of analysis, and EPSS scoring is very low at 0.01% reflecting minimal predicted exploitation activity. Chromium rates the severity as Medium while the CVSS base score of 7.3 reflects the high impact of OS-level privilege escalation.

Privilege Escalation Google Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Device Trust component. The flaw carries a CVSS 9.6 due to scope change and full CIA impact, though Chromium rates the underlying severity as Medium and EPSS is very low (0.03%, 11th percentile); no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows remote attackers to break out of the renderer sandbox via a use-after-free in the File Input component when a victim is lured to perform specific UI gestures on a crafted HTML page. Although Google classified the upstream severity as Medium, the CVSS 3.1 score of 9.6 reflects the scope-change impact of sandbox escape; no public exploit identified at time of analysis and EPSS is very low at 0.03%.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and chains with a prior renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).

Google Memory Corruption Use After Free +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a race condition in the GPU process triggered by a crafted HTML page. The flaw is a use-after-free (CWE-416) reachable through normal web content rendering, and while no public exploit is identified at time of analysis, the EPSS percentile of 11% suggests low near-term opportunistic exploitation likelihood.

Information Disclosure Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome for Android's WebView component prior to version 149.0.7827.53 allows remote attackers to potentially execute code or crash the browser by luring victims to a crafted HTML page. The flaw is a use-after-free (CWE-416) rated CVSS 8.8 due to network reach and high impact across confidentiality, integrity, and availability, though user interaction is required. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%).

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Linux prior to version 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the WebRTC component via a crafted HTML page. The flaw carries a CVSS 3.1 score of 8.8 with user interaction required, and while no public exploit has been identified at time of analysis, Chromium-class memory corruption bugs in WebRTC are historically high-value targets. Google has released a patched stable channel build, and Chromium itself rates the severity as Medium despite the higher NVD CVSS.

Google Memory Corruption RCE +5
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use-after-free in Google Chrome's WebGL component (prior to 149.0.7827.53) exposes process memory to remote attackers who can lure a user to a crafted HTML page. The vulnerability is limited to confidentiality - CVSS C:H/I:N/A:N - meaning an attacker can read potentially sensitive data from Chrome's process memory but cannot write or crash the process per the scored vector. No public exploit has been identified at time of analysis, and EPSS sits at 0.03% (10th percentile), indicating low observed exploitation pressure. Google has shipped a fix in the stable channel release 149.0.7827.53.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Google Chrome for Android prior to 149.0.7827.53 stems from a use-after-free in the WebView component, triggered when a victim opens a malicious file. Per CVSS 7.8 (AV:L/UI:R), exploitation requires local delivery plus user interaction, and there is no public exploit identified at time of analysis (EPSS 0.01%, not in CISA KEV).

Google Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Information disclosure in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to read sensitive data from process memory by serving a crafted HTML page that triggers a use-after-free in the Base component. The flaw is rated Medium by Chromium but scored CVSS 8.8 in NVD, and no public exploit identified at time of analysis with an EPSS of 0.03%.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome desktop versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebSockets implementation that an attacker can trigger by luring a victim to a crafted HTML page. Although code execution is constrained to Chrome's renderer sandbox, the CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Google has shipped a fix in the stable channel, but the bug typically becomes a building block for full chain exploits when combined with a sandbox escape.

Google Memory Corruption RCE +5
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting a use-after-free in the ANGLE graphics layer. The flaw requires user interaction (visiting a malicious page) and changes scope, yielding high confidentiality, integrity, and availability impact on the host. No public exploit identified at time of analysis and EPSS probability is very low (0.03%, 11th percentile), but a vendor patch is available.

Denial Of Service Use After Free Memory Corruption +4
NVD VulDB
Prev Page 6 of 69 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
6128

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy