CVE-2026-10990: Use after free in Glic in Google Chrome prior to 149
Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Metrics
- CVSS v3.1: 8.3
- Severity: HIGH
- Fixed in: 149.0.7827.53
- Affected Products: 1
HarborGuard Analysis
Synopsis
A use-after-free vulnerability exists in the Glic component of Google Chrome versions prior to 149.0.7827.53. The flaw is reachable over the network but requires the attacker to have already compromised the Chrome renderer process and to trick a user into visiting a crafted HTML page; it carries a high CVSS score of 8.3 due to its cross-scope impact. Successful exploitation enables a sandbox escape, granting the attacker capabilities outside the browser sandbox including full confidentiality, integrity, and availability impact on affected systems. A patched-image rebuild at version 149.0.7827.53 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle Chrome or Chromium. Any image shipping a Chrome version below 149.0.7827.53 is flagged automatically.
Available
HarborGuard surfaces this CVE with its CVSS v3.1 score of 8.3 (HIGH) and applies per-environment compliance policy weighting to determine urgency before routing the finding to the appropriate team inbox inside each customer organization.
Available
A patched-image rebuild pinned to Chrome 149.0.7827.53 becomes available through HarborGuard as soon as the fix version is confirmed. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.
Available
Exploit Conditions
- Network reachability: Required
The attacker must reach the victim over the network by serving a crafted HTML page, making the service's network exposure a prerequisite for exploitation.
- Authentication: Not required
No account or credential is required; the attacker needs only to lure the target to a malicious page.
- Victim interaction: Required
The victim must visit a crafted HTML page, meaning the attacker depends on social engineering or a redirect to deliver the payload.
- Attack complexity: Detail
Attack complexity is high because the attacker must have already compromised the renderer process before this vulnerability becomes exploitable, introducing a significant prerequisite beyond the initial network delivery.
Blast Radius
- A successful sandbox escape lets the attacker execute code outside the Chrome sandbox with the privileges of the browser process, breaking the primary isolation boundary protecting the host.
- The attacker gains read access to data the browser process can reach, including stored credentials, session tokens, and local files accessible to the user account running Chrome.
- The attacker can write or modify files and system state accessible to the browser process, enabling persistent changes to the host environment.
- The attacker can crash or destabilize the browser process and potentially dependent system services, causing a denial of service on the affected host.
How HarborGuard Handles This
Available on HarborGuard: images containing Google Chrome below version 149.0.7827.53 are matched against this CVE within minutes of publication across all scanned registries and pipelines. For customers with auto-remediation enabled, HarborGuard initiates a rebuild at the patched version, executes a regression test run, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval before remediation, the finding is routed to the designated team inbox with full CVSS context and the fix-version detail attached. Because this vulnerability requires a pre-compromised renderer process, teams that cannot immediately patch should consider network-policy controls that limit outbound connections from browser-hosting workloads as a compensating measure while the rebuild is prepared.
Fix available
- Google / Chrome < 149.0.7827.53 (from 149.0.7827.53)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H