CVE-2026-10886NVD

Vulnerability Summary

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Severity Level

CRITICAL(9.6)

Published Date

Jun 4, 2026

Last Modified

Jun 5, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

CWE-416: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

EPSS Score (30-Day)

Data Pending

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/505096898