Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-7343 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2026 |
| Date Published | 2026-04-29 |
| Vendor | Google |
| Product | Chrome |
| CVSS Score | 9.8 (critical) |
| EPSS Score | 0.0% (percentile: 10%) |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Required Actions
Update Google Chrome on all Windows workstations to version 147.0.7727.138 or newer immediately. Force a browser restart after updating, because the fix does not take effect until the browser has restarted. Because the bug is reachable from a compromised renderer, it can be chained with other exploits, so this update is a top priority. Consider enforcing a minimum Chrome version via Group Policy.
Who Is Affected?
This vulnerability affects Chrome by Google on Windows. Check whether your organization runs Chrome on Windows and roll out the update to version 147.0.7727.138 or newer.
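
A local compliance check for the rollout described above, as an added example that is not part of the advisory or of any Google tooling. It assumes Chrome sits in its default per-machine or per-user install directories, and that a `new_chrome.exe` next to `chrome.exe` means an update was staged while the browser was running and is still waiting for a restart.

```powershell
# Added example: report every Chrome install on this host and whether it is
# at or above the fixed build named in the advisory.
$FixedVersion = [version]'147.0.7727.138'

# Default install locations (assumption): per-machine 64/32-bit, plus the
# per-user install of every local profile. -Force lets hidden folders resolve.
$patterns = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
    "$env:SystemDrive\Users\*\AppData\Local\Google\Chrome\Application\chrome.exe"
)
$exes = @(Get-Item -Path $patterns -Force -ErrorAction SilentlyContinue |
    Sort-Object -Property FullName -Unique)

$results = foreach ($exe in $exes) {
    # Cast to [version] so the comparison is numeric per component:
    # as plain strings, '147.0.7727.99' would sort after '147.0.7727.138'.
    $installed = [version]$exe.VersionInfo.ProductVersion
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Path           = $exe.FullName
        Installed      = $installed
        Patched        = ($installed -ge $FixedVersion)
        # Staged update not yet swapped in (assumption, see lead-in).
        RestartPending = Test-Path (Join-Path $exe.DirectoryName 'new_chrome.exe')
    }
}

# A patched binary on disk does not help a browser session that was started
# from the old one, so also list running chrome.exe processes by file version.
# Paths of other users' processes are only visible when run elevated.
$stale = @(Get-Process -Name chrome -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |
    Select-Object -Property Path -Unique |
    Where-Object {
        [version](Get-Item -LiteralPath $_.Path).VersionInfo.ProductVersion -lt $FixedVersion
    })

$results | Format-Table -AutoSize
if ($stale.Count -gt 0) {
    Write-Warning "Running Chrome processes below $FixedVersion : $($stale.Path -join ', ')"
}

# Non-zero exit lets a management tool flag the host as non-compliant.
$bad = @($results | Where-Object { -not $_.Patched -or $_.RestartPending })
if ($bad.Count -gt 0 -or $stale.Count -gt 0) { exit 1 } else { exit 0 }
```

A host with no Chrome install produces an empty table and exit code 0, so combine the result with software inventory when deciding which machines are in scope.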
