CVE-2026-9946
Use After Free in Google Chrome ANGLE Component
Publication date: 2026-05-28
Last updated on: 2026-05-29
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 148.0.7778.216 (exc) | |
| chrome | to 148.0.7778.215 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free issue in ANGLE, a component used by Google Chrome. It affects versions of Google Chrome prior to 148.0.7778.216. A remote attacker who has already compromised the renderer process can exploit this vulnerability by using a specially crafted HTML page.
The exploitation could potentially allow the attacker to escape the browser's sandbox, which is a security mechanism designed to isolate processes and limit their access to the system.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker to break out of the sandbox environment of the browser. This means the attacker could gain higher privileges on the system than normally allowed by the browser's security model.
Such an attack could lead to unauthorized access to system resources, data theft, installation of malware, or further compromise of the affected system.