CVE-2026-2648 – Chromium Memory Safety and Use-After-Free Vulnerabilities

CVSS 8.8 IMPORTANT

“Malicious web content could corrupt browser memory and potentially take control of the system.”

This patch addresses three high-severity memory safety vulnerabilities in Chromium. The issues include use-after-free and improper memory handling flaws in core browser components. Specially crafted web pages can trigger memory corruption when rendered, potentially leading to browser crashes or arbitrary code execution in the context of the logged-in user.

  • CVE-2026-2648 – CVSS 8.8 (High)
  • CVE-2026-2649 – CVSS 8.8 (High)
  • CVE-2026-2650 – CVSS 8.8 (High)

These vulnerabilities require only that a user visit a malicious website. No additional privileges are needed. Successful exploitation could allow attackers to execute code, bypass sandbox protections, or compromise sensitive data. There are no confirmed reports of active exploitation at this time, but memory corruption issues in browsers are frequently targeted due to their high impact and wide exposure.

The update strengthens memory management controls, corrects unsafe object handling, and prevents invalid memory access during page rendering and script execution.

Key Details

Affected Product: Google Chrome
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
CWE Classification: CWE-122