CVE-2026-10890

8.8 HIGH

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit he...

Published: 2026-06-04 · Last updated: 2026-06-05

Severity and scoring

CVSS: 8.8 HIGH
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416

Affected products

Vendor	Product
google	chrome

Description

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Critical)

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10890
[Vendor advisory]https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
[Other]https://issues.chromium.org/issues/513136593

Related CVEs

Same vendor

CVE-2026-11701 — Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via ... (5.4 MEDIUM)
CVE-2026-11700 — Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to ... (8.3 HIGH)
CVE-2026-11699 — Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corrupt... (8.8 HIGH)
CVE-2026-11698 — Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corrupt... (8.8 HIGH)
CVE-2026-11697 — Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perfor... (9.6 CRITICAL)

Same CWE

CVE-2026-12035 — Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corrupt...
CVE-2026-12029 — Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer pr... (8.3 HIGH)
CVE-2026-12028 — Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer proc... (8.3 HIGH)
CVE-2026-12023 — Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process ... (8.3 HIGH)
CVE-2026-12020 — Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corrupti... (8.8 HIGH)