CVE DATABASE / CVE-2026-9874
CVE-2026-9874
CVSS 9.6 · CRITICAL
Summary
Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVSS 3.1 breakdown
| Base score | 9.6 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Google chromeMicrosoft windowsApple macosLinux linux kernel
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
Our coverage
References
- https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html
- https://issues.chromium.org/issues/500609038
Data: NIST NVD. NVD last modified 2026-05-29. Always verify against the vendor advisory before acting.