CVE-2026-10894: Use after free in Printing in Google Chrome on Linux prior to 149
Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Metrics
- CVSS v3.1: 8.3
- Severity: HIGH
- Fixed in: 149.0.7827.53
- Affected Products: 1
HarborGuard Analysis
Synopsis
A use-after-free vulnerability exists in the Printing component of Google Chrome on Linux in versions prior to 149.0.7827.53. The flaw is reachable over the network but requires victim interaction and a pre-compromised renderer process; an attacker delivers a crafted HTML page to trigger the condition. Successful exploitation enables a sandbox escape, giving the attacker capabilities beyond the Chrome renderer sandbox, including potential code execution on the host. A patched-image rebuild at version 149.0.7827.53 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection is available across every HarborGuard environment: CVE-2026-10894 is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Chrome on Linux base layers. Any image carrying a Chrome version below 149.0.7827.53 on a Linux base is flagged immediately.
HarborGuard scores this CVE at 8.3 HIGH (CVSS v3.1) and is capable of weighting that score against each customer environment's compliance policy to determine breach-of-threshold status. Findings are routable to the appropriate team inbox within each customer organization based on policy-defined severity thresholds and ownership mappings.
A patched-image rebuild at Chrome 149.0.7827.53 becomes available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard is capable of triggering a rebuild, running a regression test suite against the new image, and opening a PR against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
  The attacker delivers the crafted HTML page over the network, so the target host must be reachable by or be browsing content from an attacker-controlled origin.
- Authentication: Not required
  No account or credential is needed; the attack is launched through a crafted web page served to an unauthenticated user.
- Victim interaction: Required
  A user must open or be redirected to the attacker's crafted HTML page, making social engineering or a drive-by redirect a necessary part of the attack chain.
- Attack complexity: Detail
  Attack complexity is high because the attacker must already have compromised the Chrome renderer process before triggering the use-after-free to escape the sandbox, introducing a significant pre-condition.
Blast Radius
- The attacker escapes the Chrome renderer sandbox, breaking the security boundary that isolates browser processes from the underlying Linux host.
- With sandbox escape achieved, the attacker gains the ability to execute arbitrary code in the context of the browser process on the host system.
- Host file system paths accessible to the Chrome process become readable, exposing stored credentials, cookies, and session tokens held on disk.
- Data integrity on the host is at risk: the attacker can write or modify files within the process's permissions, and the process itself can be crashed or destabilized.
How HarborGuard Handles This
Available on HarborGuard: CVE-2026-10894 is matched against every customer image that includes Chrome on a Linux base layer, covering both upstream-sourced and internally built images. Where compliance policy permits, HarborGuard is capable of generating a rebuilt image pinned to the fixed version 149.0.7827.53 and, for customers who opt into auto-remediation, opening a regression-tested patch PR against affected workloads. Given the HIGH severity score of 8.3 and the sandbox-escape impact, HarborGuard prioritizes this CVE for immediate routing; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Teams that cannot immediately rebuild should consider isolating Chrome-based workloads behind restrictive network policies to reduce the attacker's ability to deliver the crafted HTML trigger, and should review whether renderer-process hardening flags are enabled in their Chrome deployment configuration.
Fix available
- Google / Chrome < 149.0.7827.53 (from 149.0.7827.53)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H