PatchSiren cyber security CVE debrief
CVE-2026-10954 Google CVE debrief
CVE-2026-10954 is a Use after free vulnerability in the Actor component of Google Chrome prior to version 149.0.7827.53. This vulnerability, rated as High severity by Chromium, allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The CVSS score for this vulnerability is 8.8.
- Vendor
- Product
- Chrome
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-09
Who should care
Users of Google Chrome prior to version 149.0.7827.53 should update to the latest version to mitigate this vulnerability. Additionally, organizations using Google Chrome in their environments should prioritize updating to the fixed version.
Technical summary
The vulnerability is caused by a use-after-free issue in the Actor component of Google Chrome. This type of vulnerability occurs when a program tries to use memory after it has been freed, which can lead to arbitrary code execution.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later.
- Ensure that all users of Google Chrome in your organization are updated to the latest version.
Evidence notes
The CVE record and NVD detail for CVE-2026-10954 provide additional information about this vulnerability.
Official resources
-
CVE-2026-10954 CVE record
CVE.org
-
CVE-2026-10954 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
-
Source reference
[email protected] - Permissions Required
CVE-2026-10954 was published on 2026-06-04T23:16:58.337Z and modified on 2026-06-09T18:49:13.543Z.