CVE-2026-15121

Google · Chrome

A use-after-free vulnerability in the WebRTC implementation of Google Chrome could lead to memory corruption and potential code execution.

Executive summary

A high-severity use-after-free vulnerability in Google Chrome’s WebRTC implementation creates a path for attackers to execute arbitrary code on the host system.

Vulnerability

This flaw is a use-after-free vulnerability (CWE-416) found in the WebRTC component. An unauthenticated attacker could trigger this vulnerability by tricking a user into navigating to a malicious site that leverages the vulnerable WebRTC code.

Business impact

The CVSS score of 8.8 highlights the critical nature of this vulnerability. If exploited, an attacker could gain control over the browser process, leading to the exfiltration of sensitive information or the deployment of further malicious payloads within the corporate network, posing a substantial risk to organizational confidentiality and integrity.

Remediation

Immediate Action: Update all installations of Google Chrome to the latest version provided by the vendor.

Proactive Monitoring: Monitor network traffic for unusual WebRTC-related activity and endpoint logs for unexpected browser process terminations or crashes.

Compensating Controls: Utilize web filtering solutions to block access to known malicious or suspicious domains that may be hosting exploit code.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Due to the widespread use of WebRTC in modern browser applications, this vulnerability is particularly dangerous. Security teams must treat this as a high-priority update and ensure that the patch is applied across all enterprise workstations to prevent potential exploitation.