How is CVE-2026-10956 exploited?

Network reachability (required): The attacker delivers the exploit over the network by hosting a crafted HTML page that the victim's browser fetches remotely. Authentication (not-required): No account or credential is needed; any unauthenticated remote attacker can attempt the exploit. Victim interaction (required): The victim must navigate to or be redirected to an attacker-controlled HTML page, making this a social-engineering or malicious-link scenario. Attack complexity (info): Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other unpredictable environmental factors.

What is the impact of CVE-2026-10956?

A successful attacker executes arbitrary code within the Chrome sandbox process on the victim's machine. Confidential data accessible to the renderer process, including page content and stored credentials surfaced by the browser, is exposed to the attacker. The attacker can modify data handled by the compromised renderer, including injecting content into the current browsing context. The affected renderer process can be crashed or made unresponsive, disrupting the user's browser session.

Back to search

HIGHCVE-2026-10956Published 2026-06-04Modified 2026-06-05CNA Chrome

CVE-2026-10956: Use after free in MimeHandlerView in Google Chrome prior to 149

Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: 149.0.7827.53
Affected Products: 1

HarborGuard Analysis

Synopsis

A use-after-free vulnerability in the MimeHandlerView component of Google Chrome prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the Chrome sandbox by convincing a user to visit a crafted HTML page. The vulnerability is reachable over the network and requires no authentication, though it does require the victim to load attacker-controlled content in their browser. A patched-image rebuild at version 149.0.7827.53 is available on HarborGuard for environments running an affected version of Chrome.

HarborGuard Coverage

Detection

Detection of CVE-2026-10956 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication from upstream feeds, including custom-built images that bundle a Chrome or Chromium binary. Any image carrying a Chrome version below 149.0.7827.53 is flagged automatically in both registry scans and pipeline-integrated checks.

Available

Triage

HarborGuard scores this CVE at 8.8 HIGH per the CVSS v3.1 vector and weights that score against each customer environment's compliance policy to prioritize routing. Findings are delivered to the appropriate team inbox within each customer organization based on policy-configured ownership rules.

Available

Patch

A patched-image rebuild at Chrome 149.0.7827.53 becomes available on HarborGuard for any environment running an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

Network reachabilityRequired
The attacker delivers the exploit over the network by hosting a crafted HTML page that the victim's browser fetches remotely.
AuthenticationNot required
No account or credential is needed; any unauthenticated remote attacker can attempt the exploit.
Victim interactionRequired
The victim must navigate to or be redirected to an attacker-controlled HTML page, making this a social-engineering or malicious-link scenario.
Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other unpredictable environmental factors.

Blast Radius

A successful attacker executes arbitrary code within the Chrome sandbox process on the victim's machine.
Confidential data accessible to the renderer process, including page content and stored credentials surfaced by the browser, is exposed to the attacker.
The attacker can modify data handled by the compromised renderer, including injecting content into the current browsing context.
The affected renderer process can be crashed or made unresponsive, disrupting the user's browser session.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-10956 is active across all connected registries and CI pipelines, matching any image that packages Chrome below 149.0.7827.53. Given the HIGH severity score of 8.8 and the straightforward exploit complexity, this CVE is prioritized at the top of the remediation queue in policy-weighted triage. For customers who opt into auto-remediation, HarborGuard rebuilds affected images at Chrome 149.0.7827.53, executes a regression run against the new image, and opens a pull request against impacted workloads; the median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuild artifact and a pre-filled PR are staged and waiting for reviewer sign-off.

See how HarborGuard automates this

Fix available

149.0.7827.53

Affected packages

Google / Chrome
< 149.0.7827.53 (from 149.0.7827.53)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Metrics

Get notified

HarborGuard Analysis

Synopsis

HarborGuard Coverage

Exploit Conditions

Blast Radius

How HarborGuard Handles This

Fix available