Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-11009

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-04 Jun, 2026 | 23:04
Updated At-04 Jun, 2026 | 23:04
Rejected At-
Credits

Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:04 Jun, 2026 | 23:04
Updated At:04 Jun, 2026 | 23:04
Rejected At:
â–¼CVE Numbering Authority (CNA)

Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Affected Products
Vendor
Google LLCGoogle
Product
Chrome
Versions
Affected
  • From 149.0.7827.53 before 149.0.7827.53 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AUse after free
Type: N/A
CWE ID: N/A
Description: Use after free
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
N/A
https://issues.chromium.org/issues/496233132
N/A
Hyperlink: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
Resource: N/A
Hyperlink: https://issues.chromium.org/issues/496233132
Resource: N/A
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:04 Jun, 2026 | 23:17
Updated At:05 Jun, 2026 | 15:02

Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-416Primarychrome-cve-admin@google.com
CWE ID: CWE-416
Type: Primary
Source: chrome-cve-admin@google.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.htmlchrome-cve-admin@google.com
N/A
https://issues.chromium.org/issues/496233132chrome-cve-admin@google.com
N/A
Hyperlink: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://issues.chromium.org/issues/496233132
Source: chrome-cve-admin@google.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1053Records found
CVE-2022-3311
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.10%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-3306
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.66% / 71.65%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chrome_oschromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-3305
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.10% / 78.43%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chrome_oschromeChrome
CWE ID-CWE-416
Use After Free
CVE-2023-4074
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.49% / 65.98%
||
7 Day CHG+0.03%
Published-03 Aug, 2023 | 00:27
Updated-13 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2018-9417
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.50%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 21:10
Updated-22 Nov, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-416
Use After Free
CVE-2022-1135
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.64% / 71.04%
||
7 Day CHG~0.00%
Published-22 Jul, 2022 | 23:37
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2018-9428
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.05% / 14.57%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 21:25
Updated-22 Nov, 2024 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-416
Use After Free
CVE-2022-0458
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.82%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:51
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0452
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.29% / 53.05%
||
7 Day CHG-0.00%
Published-05 Apr, 2022 | 00:50
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0464
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.82%
||
7 Day CHG-0.10%
Published-05 Apr, 2022 | 00:51
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-3196
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.74% / 73.25%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 00:00
Updated-21 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-fedorachromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0808
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.54% / 68.06%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:26
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0796
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.47% / 64.93%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0977
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.49% / 65.97%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 21:05
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-3041
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.58% / 69.39%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 15:01
Updated-21 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-fedorachromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0978
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.66% / 71.50%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 21:06
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0974
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.79% / 74.21%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 21:05
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2026-11144
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-Not Assigned
EPSS-0.04% / 11.67%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:05
Updated-05 Jun, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2022-3058
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.87% / 75.61%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 15:01
Updated-21 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-fedorachromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0794
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.45% / 63.98%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2018-9483
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 55.84%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 17:43
Updated-18 Dec, 2024 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-0790
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.58% / 69.23%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2025-2476
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-10.65% / 93.45%
||
7 Day CHG~0.00%
Published-19 Mar, 2025 | 18:59
Updated-01 Apr, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-1125
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.81% / 74.56%
||
7 Day CHG-0.01%
Published-22 Jul, 2022 | 23:35
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0793
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.48%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2025-22408
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-1.98% / 83.92%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-02 Sep, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2022-0979
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.66% / 71.50%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 21:06
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2025-22406
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.09% / 25.36%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-02 Sep, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2025-22411
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.15% / 34.84%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2025-22409
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.10% / 27.00%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2025-22407
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.29%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-02 Sep, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-21203
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.46% / 81.21%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:25
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2022-1310
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.42% / 80.95%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 13:40
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-1313
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.81% / 74.63%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 13:41
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0798
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.48%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2022-2606
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.99% / 77.28%
||
7 Day CHG~0.00%
Published-12 Aug, 2022 | 19:36
Updated-03 Aug, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2025-2136
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.35% / 57.78%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 20:39
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-2613
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.10% / 78.40%
||
7 Day CHG~0.00%
Published-12 Aug, 2022 | 19:36
Updated-03 Aug, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedorachrome_osChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0973
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.61% / 70.23%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 21:05
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2023-35658
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.75%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 20:09
Updated-26 Sep, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-416
Use After Free
CVE-2026-4676
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.05% / 16.25%
||
7 Day CHG+0.01%
Published-24 Mar, 2026 | 00:24
Updated-25 Mar, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-416
Use After Free
CVE-2022-1131
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.56% / 68.57%
||
7 Day CHG~0.00%
Published-22 Jul, 2022 | 23:36
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0293
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.72% / 72.95%
||
7 Day CHG~0.00%
Published-12 Feb, 2022 | 01:35
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0607
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.58% / 69.20%
||
7 Day CHG~0.00%
Published-04 Apr, 2022 | 23:55
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0453
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.29% / 53.05%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:50
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2025-1704
Matching Score-6
Assigner-ChromeOS Project
ShareView Details
Matching Score-6
Assigner-ChromeOS Project
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 58.22%
||
7 Day CHG-0.02%
Published-16 Apr, 2025 | 23:06
Updated-11 Jul, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.

Action-Not Available
Vendor-Google LLC
Product-chrome_osChromeOS
CWE ID-CWE-416
Use After Free
CVE-2022-2296
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.36% / 80.49%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 01:01
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromeextra_packages_for_enterprise_linuxfedorachrome_osChrome
CWE ID-CWE-416
Use After Free
CVE-2022-2158
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.39% / 80.70%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 00:40
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromeextra_packages_for_enterprise_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2025-14372
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 16.72%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 19:20
Updated-19 Dec, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowschromemacosChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0296
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.90% / 76.08%
||
7 Day CHG~0.00%
Published-12 Feb, 2022 | 01:35
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 21
  • 22
  • Next
Details not found