CVE-2026-10959: Use after free in Google Chrome
CVE-2026-10959 is a high-severity use-after-free vulnerability in the Input component of Google Chrome on Android versions prior to 149. 0. 7827. 53. This flaw allows a remote attacker to execute arbitrary code within the browser's sandbox by tricking a user into visiting a specially crafted HTML page. The vulnerability has a CVSS score of 8. 8, indicating a significant risk to confidentiality, integrity, and availability. There is no explicit vendor advisory stating the availability of a patch or mitigation. The vulnerability is not known to be exploited in the wild at this time.
AI Analysis
Technical Summary
This vulnerability involves a use-after-free condition in the Input handling of Google Chrome on Android before version 149.0.7827.53. Exploitation requires user interaction (visiting a malicious HTML page) and can lead to arbitrary code execution within the sandboxed environment of the browser. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation could allow remote attackers to execute arbitrary code inside the sandbox of the affected Chrome browser on Android, potentially compromising the confidentiality, integrity, and availability of the user's browsing environment. No known exploits in the wild have been reported.
Mitigation Recommendations
The vulnerability affects Chrome versions prior to 149.0.7827.53 on Android. Users should update to version 149.0.7827.53 or later once available. The vendor advisory linked does not explicitly confirm patch availability or remediation status; therefore, patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
CVE-2026-10959: Use after free in Google Chrome
Description
CVE-2026-10959 is a high-severity use-after-free vulnerability in the Input component of Google Chrome on Android versions prior to 149. 0. 7827. 53. This flaw allows a remote attacker to execute arbitrary code within the browser's sandbox by tricking a user into visiting a specially crafted HTML page. The vulnerability has a CVSS score of 8. 8, indicating a significant risk to confidentiality, integrity, and availability. There is no explicit vendor advisory stating the availability of a patch or mitigation. The vulnerability is not known to be exploited in the wild at this time.
CVSS v3.1
Score 8.8high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a use-after-free condition in the Input handling of Google Chrome on Android before version 149.0.7827.53. Exploitation requires user interaction (visiting a malicious HTML page) and can lead to arbitrary code execution within the sandboxed environment of the browser. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation could allow remote attackers to execute arbitrary code inside the sandbox of the affected Chrome browser on Android, potentially compromising the confidentiality, integrity, and availability of the user's browsing environment. No known exploits in the wild have been reported.
Mitigation Recommendations
The vulnerability affects Chrome versions prior to 149.0.7827.53 on Android. Users should update to version 149.0.7827.53 or later once available. The vendor advisory linked does not explicitly confirm patch availability or remediation status; therefore, patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-06-04T17:06:15.960Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html","vendor":"Google"}]
Threat ID: 6a220805e29bf47b50dbad02
Added to database: 6/4/2026, 11:19:33 PM
Last enriched: 6/5/2026, 2:48:25 AM
Last updated: 6/5/2026, 4:57:34 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.