HIGHCVE-2026-8587Published 2026-05-14Modified 2026-05-15CNA Chrome

CVE-2026-8587: Use after free in Extensions in Google Chrome on Mac prior to 148

Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: 148.0.7778.168
Affected Products: 1

Fix available

148.0.7778.168

Affected packages

Google / Chrome
< 148.0.7778.168 (from 148.0.7778.168)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

chromereleases.googleblog.com
issues.chromium.org

Metrics

Fix available