cbcvebase.
CVE-2026-9118
published 2026-05-20

CVE-2026-9118: Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium…

high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Affected

3 ranges
VendorProductVersion rangeFixed in
googlechrome< 148.0.7778.178148.0.7778.178
googlechrome>= 148.0.7778.179 < 148.0.7778.179148.0.7778.179
googlechrome_desktop