HIGHCVE-2026-7338Published 2026-04-28Modified 2026-04-30CNA Chrome

CVE-2026-7338: Use after free in Cast in Google Chrome prior to 147

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: 147.0.7727.138
Affected Products: 1

Fix available

147.0.7727.138

Affected packages

Google / Chrome
< 147.0.7727.138 (from 147.0.7727.138)

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

chromereleases.googleblog.com
issues.chromium.org

Metrics

Fix available