CVE-2026-6311

Google · Chrome

An uninitialized use vulnerability exists in the Accessibility component of Google Chrome on Windows, which could be leveraged by an attacker.

Executive summary

A critical uninitialized use vulnerability in the Accessibility component of Google Chrome on Windows poses a significant risk of arbitrary code execution.

Vulnerability

The vulnerability is an uninitialized use flaw within the browser's Accessibility framework. Browser memory errors of this kind typically require a user to interact with malicious web content; no authentication is required of the attacker.

Business impact

Successful exploitation of this memory corruption vulnerability could allow an attacker to execute arbitrary code within the context of the browser process. Given the CVSS score of 8.3, this represents a high-severity risk that could lead to full system compromise, unauthorized data access, or the installation of persistent malware on the host machine.

Remediation

Immediate Action: Update all instances of Google Chrome on Windows to version 147 or later to resolve the underlying memory management defect.

Proactive Monitoring: Review application and system logs for unusual crashes or unexpected browser process terminations that may indicate attempted exploitation.

Compensating Controls: Ensure that Endpoint Detection and Response (EDR) solutions are active and configured to monitor for anomalous child processes spawned by the browser.
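
The following Python is an added example, not part of the original advisory or any vendor tooling: it triages process-creation records for unexpected children of chrome.exe and raises the priority on hosts still below version 147. Field names follow Sysmon Event ID 1; the host names, inventory, events and the baseline of benign children are constructed assumptions to tune per environment.

```python
import ntpath

FIXED_MAJOR = 147  # first fixed Chrome major version, per the advisory

def base(path):
    """Lower-cased file name of a Windows path (empty string if missing)."""
    return ntpath.basename(path or "").lower()

def is_expected_child(ev):
    """Assumed baseline of benign chrome.exe children; tune per fleet."""
    parent, child = ev["ParentImage"].lower(), ev["Image"].lower()
    # Renderer, GPU, utility and crashpad processes reuse the parent's binary.
    # Comparing full paths also catches a look-alike chrome.exe elsewhere.
    if child == parent:
        return True
    # Native messaging hosts are started through cmd.exe with the calling
    # extension's origin on the command line.
    cmdline = ev.get("CommandLine", "").lower()
    return base(child) == "cmd.exe" and "chrome-extension://" in cmdline

def is_unpatched(version):
    """True if the major version is below FIXED_MAJOR or cannot be parsed."""
    try:
        return int(version.split(".")[0]) < FIXED_MAJOR
    except (ValueError, AttributeError):
        return True  # unknown version: treat as unpatched

def triage(events, inventory):
    """Return (priority, event) for each unexpected child of chrome.exe."""
    alerts = []
    for ev in events:
        if base(ev.get("ParentImage")) != "chrome.exe" or is_expected_child(ev):
            continue
        host_version = inventory.get(ev["Computer"])
        alerts.append(("high" if is_unpatched(host_version) else "medium", ev))
    return alerts

# Constructed sample data (hosts, versions and events are not from the advisory).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
INVENTORY = {"WS-01": "146.0.0.0", "WS-02": "147.0.0.0"}
EVENTS = [
    {"Computer": "WS-01", "ParentImage": CHROME, "Image": CHROME, "CommandLine": "chrome.exe --type=renderer"},
    {"Computer": "WS-01", "ParentImage": CHROME, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": r'cmd.exe /d /c "C:\Tools\host.exe" chrome-extension://constructedid/'},
    {"Computer": "WS-01", "ParentImage": CHROME, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "CommandLine": "powershell.exe"},
    {"Computer": "WS-02", "ParentImage": CHROME, "Image": r"C:\Users\Public\chrome.exe", "CommandLine": "chrome.exe"},
]

if __name__ == "__main__":
    for prio, ev in triage(EVENTS, INVENTORY):
        print(prio, ev["Computer"], ev["Image"])
```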

Exploitation status

Public Exploit Available: false

Analyst recommendation

The severity of this memory-related vulnerability necessitates immediate patching across the enterprise. Security teams should prioritize the deployment of the version 147 update to all Windows workstations to neutralize the threat of potential remote code execution.