{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7344", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-28T20:02:39.165Z", "datePublished": "2026-04-28T22:35:54.372Z", "dateUpdated": "2026-04-28T22:35:54.372Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.138", "status": "affected", "lessThan": "147.0.7727.138", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-28T22:35:54.372Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"url": "https://issues.chromium.org/issues/503419515"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"}], "id": "CVE-2026-7344", "lastModified": "2026-04-28T23:16:21.987", "metrics": {}, "published": "2026-04-28T23:16:21.987", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/503419515"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.138,147.0.7727.138)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-29T01:12:38.737068+00:00", "value": {"mitigation_remediation": ["Upgrade Chrome on all Windows machines to version 147.0.7727.138 or later as detailed in the Chrome release notes.", "Enable automatic updates so the new protected version is installed without manual intervention.", "If an update cannot be applied immediately, disable Chrome\u2019s accessibility features or use enterprise group policy to restrict renderer privileges until the patch is deployed."], "summary": {"action": "Immediate Patch", "impact": "Potential sandbox escape leading to arbitrary code execution"}, "threat_synthesis": {"affected_systems": "Google Chrome on Windows, versions older than 147.0.7727.138.", "description_and_impact": "A use\u2011after\u2011free bug in Chrome\u2019s accessibility layer on Windows allows a remote attacker who has already compromised the renderer process to trigger a sandbox escape by serving a crafted HTML page. The vulnerability is rated critical by the Chromium security team.", "risk_and_exploitability": "The EPSS score is not available and the vulnerability is not listed in CISA\u2019s KEV catalog, but the official security rating is critical. An attacker would need to first compromise the renderer process and then deliver a malicious HTML payload that exploits the use\u2011after\u2011free; if successful, the attacker could escape the renderer sandbox and potentially execute code with higher privileges."}}}}, "created": "2026-04-29T01:15:44.714913+00:00", "title": "Use\u2011After\u2011Free in Chrome Accessibility Leading to Sandbox Escape", "updated": "2026-04-29T01:30:05.928748+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}