CVE-2026-10896: Use after free in Google Chrome
CVE-2026-10896 is a use-after-free vulnerability in Google Chrome for iOS versions prior to 149. 0. 7827. 53. This flaw allows a remote attacker to execute arbitrary code by tricking a user into visiting a specially crafted HTML page. The vulnerability has a high severity with a CVSS score of 8. 8, indicating significant potential impact on confidentiality, integrity, and availability. There are no known exploits in the wild at the time of this report. The vendor advisory linked does not explicitly confirm patch availability or remediation status. Users of affected Chrome versions on iOS should verify update status and apply the latest version when available.
AI Analysis
Technical Summary
This vulnerability is a use-after-free bug in Google Chrome for iOS before version 149.0.7827.53. It enables remote code execution through a crafted HTML page, posing a critical security risk. The CVSS 3.1 base score is 8.8, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability. The vulnerability is publicly disclosed with no confirmed exploits in the wild. The vendor advisory linked does not explicitly state if the issue is fixed in the referenced update or later versions, so patch status is not confirmed.
Potential Impact
Successful exploitation could allow a remote attacker to execute arbitrary code on the affected device, compromising confidentiality, integrity, and availability of the system. This could lead to full compromise of the Chrome browser on iOS. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html for current remediation guidance. Users should ensure they update to the latest Chrome version for iOS once the fix is confirmed available. Until then, avoid visiting untrusted or suspicious websites that could host crafted HTML content.
CVE-2026-10896: Use after free in Google Chrome
Description
CVE-2026-10896 is a use-after-free vulnerability in Google Chrome for iOS versions prior to 149. 0. 7827. 53. This flaw allows a remote attacker to execute arbitrary code by tricking a user into visiting a specially crafted HTML page. The vulnerability has a high severity with a CVSS score of 8. 8, indicating significant potential impact on confidentiality, integrity, and availability. There are no known exploits in the wild at the time of this report. The vendor advisory linked does not explicitly confirm patch availability or remediation status. Users of affected Chrome versions on iOS should verify update status and apply the latest version when available.
CVSS v3.1
Score 8.8high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability is a use-after-free bug in Google Chrome for iOS before version 149.0.7827.53. It enables remote code execution through a crafted HTML page, posing a critical security risk. The CVSS 3.1 base score is 8.8, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability. The vulnerability is publicly disclosed with no confirmed exploits in the wild. The vendor advisory linked does not explicitly state if the issue is fixed in the referenced update or later versions, so patch status is not confirmed.
Potential Impact
Successful exploitation could allow a remote attacker to execute arbitrary code on the affected device, compromising confidentiality, integrity, and availability of the system. This could lead to full compromise of the Chrome browser on iOS. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html for current remediation guidance. Users should ensure they update to the latest Chrome version for iOS once the fix is confirmed available. Until then, avoid visiting untrusted or suspicious websites that could host crafted HTML content.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-06-04T17:05:58.392Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html","vendor":"Google"}]
Threat ID: 6a2207eae29bf47b50dba90a
Added to database: 6/4/2026, 11:19:06 PM
Last enriched: 6/5/2026, 3:35:08 AM
Last updated: 6/5/2026, 4:19:40 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.