Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
History

Fri, 29 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Use-after-Free in Chrome XR Allows Sandbox Escape via Crafted HTML chromium-browser: Use after free in XR
Weaknesses CWE-825
References
Metrics threat_severity

None

cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Critical


Fri, 29 May 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Title Use-after-Free in Chrome XR Allows Sandbox Escape via Crafted HTML

Thu, 28 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Weaknesses CWE-416
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-28T22:25:14.097Z

Reserved: 2026-05-28T17:24:44.477Z

Link: CVE-2026-9890

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-28T23:16:46.983

Modified: 2026-05-29T02:35:42.620

Link: CVE-2026-9890

cve-icon Redhat

Severity : Critical

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-9890 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T01:15:06Z