CVE-2026-15773

Google · Chrome

A use-after-free vulnerability in the Google Chrome Core component allows a remote attacker to achieve sandbox escape via a crafted HTML page.

Executive summary

A critical use-after-free vulnerability in Google Chrome allows remote attackers to escape the browser sandbox, potentially leading to full system compromise.

Vulnerability

This is a use-after-free vulnerability in the browser's Core component. An attacker can leverage this flaw by enticing a user to visit a specially crafted web page, resulting in sandbox escape.

Business impact

A sandbox escape is a severe event, as it allows an attacker to break out of the browser's security boundaries and execute code on the underlying host operating system. Given the CVSS score of 9.6, this vulnerability could lead to total data compromise and unauthorized access to the user's workstation.

Remediation

Immediate Action: Update Google Chrome to the latest stable version immediately to ensure the patch is applied.

Proactive Monitoring: Monitor for browser crashes or unusual system behavior following web browsing activities, which may indicate attempted exploitation.

Compensating Controls: Employ endpoint protection software capable of detecting malicious browser-based activity and utilize browser security settings that restrict script execution.

Exploitation status

Public Exploit Available: No confirmed public exploit available.

Analyst recommendation

Chrome users and enterprise administrators should ensure that the browser is updated to the latest available version as a matter of routine security hygiene. The ability to escape the sandbox makes this a high-priority update for all environments where Chrome is used as the primary web browser.