PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10005 Google CVE debrief

A use-after-free vulnerability in Google Chrome's WebAppInstalls component on macOS allows remote code execution through crafted HTML pages when users perform specific UI gestures. The vulnerability affects Chrome versions prior to 148.0.7778.216 and has been assigned a High severity rating by the Chromium security team. Use-after-free vulnerabilities occur when a program continues to use a pointer after the memory it references has been freed, potentially allowing attackers to corrupt memory and execute arbitrary code. The attack requires user interaction through specific UI gestures, indicating a social engineering component where the attacker must convince the target to take particular actions. This vulnerability is specific to the macOS platform and does not affect Chrome on other operating systems. Google has released a stable channel update addressing this issue.

Vendor: Google
Product: Chrome
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-29
Advisory published: 2026-05-28
Advisory updated: 2026-05-29

Who should care

macOS users running Google Chrome, enterprise security teams managing Chrome deployments, organizations with bring-your-own-device policies, and security teams monitoring browser-based attack vectors

Technical summary

The vulnerability exists in the WebAppInstalls component of Google Chrome on macOS, where improper memory management leads to a use-after-free condition. An attacker can craft a malicious HTML page that, when loaded and combined with specific user UI gestures, triggers the vulnerability. The freed memory can be repurposed to execute attacker-controlled code within the browser process. The fix in Chrome 148.0.7778.216 addresses the underlying memory management issue in the WebAppInstalls implementation.

Defensive priority

High

Recommended defensive actions

  • Update Google Chrome on macOS to version 148.0.7778.216 or later
  • Monitor for unexpected browser crashes or unusual web app installation prompts
  • Review and restrict installation of web applications from untrusted sources
  • Consider enabling site isolation features to limit impact of renderer exploits
  • Deploy application control policies to prevent execution of unauthorized browser versions

Evidence notes

Vulnerability description sourced from official CVE record and NVD entry. Vendor identification based on reference domain analysis of chromereleases.googleblog.com. Chromium issue tracker reference confirms component-specific details. CWE-416 (Use After Free) classification provided by [email protected].

Official resources

2026-05-28