CVE 8.8 HIGH

CVE-2026-10890_CVE-2026-10890

June 4, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Critical)

AI Analysis

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic.

Basic Information

ID CVE-2026-10890

Source Chrome

Published Jun 4, 2026 at 23:03

Modified Jun 5, 2026 at 01:43

Affected Product

Vendor Google

Product Chrome

Version 149.0.7827.53

Affected Versions Google Chrome 149.0.7827.53

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Google

Product Google Chrome

Version 149.0.7827.53

References

{
    "lastseen": "",
    "description": "Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Critical)",
    "published": "2026-06-04T23:03:25.769Z",
    "modified": "2026-06-05T01:43:26.889Z",
    "type": "cve",
    "title": "CVE-2026-10890",
    "source": "Chrome",
    "references": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\nhttps://issues.chromium.org/issues/513136593",
    "id": "CVE-2026-10890",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Google Chrome 149.0.7827.53",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Chrome",
    "version": "149.0.7827.53",
    "vendor": "Google",
    "ai_description": "Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic.",
    "ai_severity": "High",
    "ai_vendor": "Google",
    "ai_product": "Google Chrome",
    "ai_version": "149.0.7827.53",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply