{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7335", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-28T20:02:33.559Z", "datePublished": "2026-04-28T22:36:03.952Z", "dateUpdated": "2026-04-28T22:36:03.952Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.138", "status": "affected", "lessThan": "147.0.7727.138", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-28T22:36:03.952Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"url": "https://issues.chromium.org/issues/500387779"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-7335", "lastModified": "2026-04-28T23:16:21.067", "metrics": {}, "published": "2026-04-28T23:16:21.067", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/500387779"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.138,147.0.7727.138)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-29T02:10:35.484560+00:00", "value": {"mitigation_remediation": ["Upgrade Google Chrome to version 147.0.7727.138 or newer", "Configure Chrome to block or disable media playback for untrusted content, if possible", "Keep the browser\u2019s auto\u2011update feature enabled to receive future security patches promptly"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All installations of Google Chrome versions earlier than 147.0.7727.138 are affected. The issue is limited to the media handling components and does not require elevated privileges beyond the normal browser user context.", "description_and_impact": "A use\u2011after\u2011free flaw in Chrome\u2019s media subsystem allows a remote attacker to execute arbitrary code within the browser\u2019s sandbox via a specially crafted HTML page. The vulnerability can be exploited to run code inside the sandboxed environment.", "risk_and_exploitability": "The flaw carries a high severity rating and facilitates code execution within a sandboxed environment. No EPSS score is available, and the vulnerability is not yet listed in CISA\u2019s KEV catalog. Exploitation likely requires the user to load a malicious webpage, making social engineering a prerequisite. Given the lack of public exploitation evidence and the absence of a KEV listing, the immediate risk remains moderate to high for actively browsing users."}}}}, "created": "2026-04-29T01:30:05.918418+00:00", "title": "Use After Free in Chrome Media Allowing Remote Code Execution", "updated": "2026-04-29T02:15:47.409259+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}