CVE DATABASE / CVE-2026-9873
CVE-2026-9873
CVSS 8.8 · HIGH
Summary
Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
CVSS 3.1 breakdown
| Base score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Google chromeMicrosoft windowsApple macosLinux linux kernel
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
Our coverage
References
- https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html
- https://issues.chromium.org/issues/507365348
Data: NIST NVD. NVD last modified 2026-05-29. Always verify against the vendor advisory before acting.