CVE-2026-10887 in Chrome
Summary
by MITRE • 06/05/2026
Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
Analysis
by VulDB Data Team • 06/05/2026
This vulnerability is a critical use-after-free flaw in Google Chrome's Chromoting implementation on macOS in versions prior to 149.0.7827.53. It manifests when the remote desktop functionality processes malicious network traffic: memory is accessed after it has been freed, allowing for potential code execution. The underlying issue is improper memory management within the Chromoting component, where objects are freed but references to them persist in the code flow, creating a window in which attackers can manipulate the freed memory to inject and execute arbitrary code.
The operational impact of this vulnerability is severe as it enables remote code execution without user interaction, making it particularly dangerous in targeted attack scenarios. Attackers can craft malicious network packets that, when processed by the vulnerable Chromoting service, trigger the use-after-free condition and subsequently execute malicious payloads. This vulnerability aligns with CWE-416 (Use After Free) and can be mapped to ATT&CK technique T1059.007 for remote code execution through network services. The vulnerability exists in the network protocol handling layer of Chromoting, where network traffic is parsed and processed, making it an attractive target for attackers seeking to exploit remote desktop services.
The exploitation process typically involves sending specially crafted network packets that cause the Chromoting service to free memory associated with network processing structures while still maintaining references to these locations. When the application attempts to access these freed memory locations, the attacker can manipulate the memory contents to redirect execution flow to malicious code. This type of vulnerability demonstrates the critical importance of proper memory management in network services, particularly those that handle untrusted data from remote sources. The vulnerability affects all macOS systems running Chrome versions prior to 149.0.7827.53 and represents a significant risk for organizations relying on remote desktop functionality.
Mitigation strategies should prioritize immediate patching of affected Chrome installations to version 149.0.7827.53 or later, which contains the necessary memory management fixes. Organizations should also implement network segmentation and access controls to limit exposure of systems running Chromoting services, particularly in environments where remote desktop functionality is not essential. Additional defensive measures include monitoring network traffic for suspicious patterns that might indicate exploitation attempts and implementing network-based intrusion detection systems to identify malicious traffic targeting this vulnerability. The fix implemented by Google addresses the root cause by ensuring proper memory deallocation and reference management within the Chromoting component, preventing the conditions that allowed the use-after-free scenario to occur.
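A patch-level triage check for the mitigation above, as an added example that is not part of the original advisory: it compares inventoried Chrome versions against the fixed build 149.0.7827.53 numerically (a plain string comparison would misorder builds such as 149.0.7827.100) and flags only Mac hosts, the platform the advisory names. The CSV layout, host names, status labels and function names are constructed assumptions.

```python
"""Flag Mac hosts running Chrome older than the fixed build named in the advisory."""
import csv
import io

FIXED = (149, 0, 7827, 53)  # fixed version stated in the advisory

def parse_version(text):
    """Parse 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints.

    Returns None for anything else, so odd values get reviewed, not assumed safe.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return 'out-of-scope', 'vulnerable', 'patched' or 'unknown' for one install."""
    if platform.strip().lower() not in ("mac", "macos", "darwin"):
        return "out-of-scope"  # the advisory covers Chrome on Mac only
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component: (…, 100) > (…, 53).
    return "vulnerable" if version < FIXED else "patched"

def triage(inventory_csv):
    """Map host -> status for a CSV with columns host,platform,chrome_version."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["chrome_version"]) for r in reader}

# Constructed sample inventory (hypothetical hosts and versions, not real data).
SAMPLE = """host,platform,chrome_version
mac-001,macOS,149.0.7827.52
mac-002,macOS,149.0.7827.53
mac-003,macOS,149.0.7827.100
mac-004,macOS,148.0.7700.9
mac-005,macOS,unknown
win-001,Windows,148.0.7700.9
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked by hand rather than treated as patched.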