CVE-2026-7348
Published 2026-04-28
CVE-2026-7348: Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page…
High, 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | < 147.0.7727.138 | 147.0.7727.138 |
| | chrome | >= 147.0.7727.138 < 147.0.7727.138 | 147.0.7727.138 |
| | chrome_desktop | — | — |
Chrome
Stable Channel Update for Desktop: CVE-2026-7350
vendor_chrome·2026-04-28
CVE-2026-7350 [HIGH] Stable Channel Update for Desktop: CVE-2026-7350
CVE-2026-7350: Use after free in WebMIDI. Reported by Google on 2026-04-06
[TBD][500034684] High CVE-2026-7349: Use after free in Cast. Reported by Google on 2026-04-06
[TBD][500104917] High CVE-2026-7348: Use after free in Codecs
Severity: high
Red Hat
chromium-browser: Use after free in Codecs
vendor_redhat·2026-04-28·CVSS 8.8
CVE-2026-7348 [HIGH] CWE-825 chromium-browser: Use after free in Codecs
A use-after-free flaw was found in the Codecs component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=500104917
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
VulDB
Google Chrome up to 147.0.7727.117 Codecs use after free (ID 500104 / Nessus ID 310948)
vuldb·2026-04-30
CVE-2026-7348 [CRITICAL] Google Chrome up to 147.0.7727.117 Codecs use after free (ID 500104 / Nessus ID 310948)
A vulnerability categorized as critical has been discovered in Google Chrome. Affected by this vulnerability is an unknown functionality of the component Codecs. Such manipulation leads to use after free.
This vulnerability is traded as CVE-2026-7348. The attack may be launched remotely. There is no exploit available.
It is advisable to upgrade the affected component.
GHSA
GHSA-m496-r4gw-qh27: Use after free in Codecs in Google Chrome prior to 147
ghsa_unreviewed·2026-04-29
CVE-2026-7348 [HIGH] CWE-416 GHSA-m496-r4gw-qh27: Use after free in Codecs in Google Chrome prior to 147
Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
Published: 2026-04-28