CVE-2026-15773info

Summary

by MITRE • 07/14/2026

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/15/2026

This vulnerability represents a critical use-after-free condition in the core rendering engine of Google Chrome on Windows systems, specifically affecting versions prior to 150.0.7871.125. The flaw occurs when the browser processes maliciously crafted HTML content that triggers improper memory management during object lifecycle handling. When a web page contains specially constructed elements that cause the browser to free memory associated with an object while still referencing it, this creates a dangerous state where subsequent operations can access already deallocated memory locations. This type of vulnerability falls under CWE-416, which specifically addresses use-after-free conditions in software implementations.

The technical exploitation of this vulnerability allows remote attackers to potentially achieve sandbox escape, bypassing Chrome's security boundaries that typically isolate web content from the underlying operating system. The attack vector requires a crafted HTML page delivered through web-based channels such as malicious websites, email attachments, or compromised web servers. During normal browser operation, when processing the malicious content, the core rendering engine fails to properly manage object references, leading to memory corruption that can be leveraged by attackers to execute arbitrary code with the privileges of the Chrome process.

The operational impact of this vulnerability extends beyond simple remote code execution, as it represents a significant escalation in attack capabilities. A successful exploitation could allow adversaries to bypass Chrome's sandbox isolation mechanisms, potentially enabling full system compromise or privilege escalation. The vulnerability's high severity classification by Chromium security team reflects its potential for serious consequences including data theft, persistent backdoor installation, and complete system control. This type of sandbox escape vulnerability aligns with ATT&CK technique T1059, where adversaries use compromised systems to execute commands, and T1070, involving the modification of execution environment through memory manipulation.

Organizations should immediately update to Chrome version 150.0.7871.125 or later to address this vulnerability. Additional mitigations include implementing web application firewalls, deploying content security policies, and maintaining comprehensive network monitoring to detect suspicious browser behavior. The vulnerability demonstrates the critical importance of proper memory management in browser engines and highlights the ongoing challenges in securing complex software systems against sophisticated exploitation techniques that target fundamental runtime behaviors.

Disclosure

07/14/2026

Moderation

in review

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!