CVE-2026-15120
Google · Chrome
A use-after-free vulnerability exists in the Core component of Google Chrome on Windows, potentially allowing for arbitrary code execution.
Executive summary
A critical use-after-free vulnerability in the Google Chrome Core component on Windows allows remote attackers to execute arbitrary code via specially crafted web content.
Vulnerability
This is a use-after-free vulnerability located within the Core component of the browser. The vulnerability requires user interaction, specifically navigating to a malicious webpage, and does not require authentication from the attacker.
Business impact
A successful exploit of this vulnerability can lead to full system compromise, as it allows for arbitrary code execution in the context of the user running the browser. Given the CVSS score of 8.3, this represents a significant risk to organizational endpoints, potentially resulting in data exfiltration, installation of malware, or unauthorized lateral movement within the network.
Remediation
Immediate Action: Update all instances of Google Chrome to version 150.0.7871.115 or later immediately.
Proactive Monitoring: Monitor endpoint security logs for unusual process execution patterns or unexpected browser crashes that may indicate exploitation attempts.
Compensating Controls: Ensure that endpoint protection software (EDR) is active and updated to detect and block malicious payloads associated with browser-based memory corruption exploits.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability presents a high risk to business operations due to the potential for remote code execution. Security teams must prioritize the deployment of the browser update across all enterprise assets to mitigate the risk of exploitation.