Use after free in GPU in Google Chrome on Mac prior to 149
Description
Use after free in GPU in Google Chrome on Mac prior to 149
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Google
PRODUCT: Chrome
AFFECTED_VERSIONS: Google Chrome on Mac prior to 149.0.7827.115
---END_METADATA---
Description Summary:
A use-after-free vulnerability in the GPU component of Google Chrome for Mac allows for potential sandbox escape via crafted HTML content.
Executive Summary:
A high-severity use-after-free vulnerability in the GPU component of Google Chrome for Mac exposes users to potential sandbox escape and system compromise.
Vulnerability Details
CVE-ID: CVE-2026-12023
Affected Software: Google Chrome
Affected Versions: Google Chrome on Mac prior to 149.0.7827.115
Vulnerability: This is a use-after-free vulnerability found in the GPU component. A remote attacker could exploit this by directing a user to a crafted HTML page, which, following the compromise of the renderer process, could lead to a sandbox escape.
Business Impact
With a CVSS score of 8.3, this vulnerability represents a severe threat to macOS environments. Successful exploitation allows an attacker to bypass the browser's primary defense layer, potentially leading to unauthorized access to sensitive user data or further exploitation of the host system.
Remediation Plan
Immediate Action: Update all Google Chrome instances on Mac to version 149.0.7827.115 immediately.
Proactive Monitoring: Monitor endpoint security logs for unexpected browser crashes or unusual GPU-related process activity which may indicate exploitation attempts.
Compensating Controls: Implement endpoint protection solutions that can identify and block malicious code execution originating from browser processes.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 12, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams should enforce the update to version 149.0.7827.115 across all Mac workstations. Swift remediation is essential to maintain the integrity of browser-based security boundaries.