CVE-2026-7343EXPLOITEDPATCHED

google · chrome

CVE-2026-7343: Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromise

Description

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Affected Products

Vendor	Product	Versions
google	chrome	147.0.7727.138

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
apple	macos	cve_cpe	95%
linux	linux_kernel	cve_cpe	95%
microsoft	windows	cve_cpe	95%

References

Related News (4 articles)

Tier A

Microsoft MSRC-9233s ago

Chromium: CVE-2026-7343 Use after free in Views

→ No new info (linked only)

Tier D

SecurityWeek1d ago

Chrome 147, Firefox 150 Security Updates Rolling Out

→ No new info (linked only)

Tier D

Heise Security1d ago

Kritische Lücken in Chrome und Firefox geschlossen

→ No new info (linked only)

Tier C

VulDB2d ago

CVE-2026-7343 | Google Chrome up to 147.0.7727.117 on Windows Views use after free (ID 503645)

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

147.0.7727.138

CWECWE-416

PublishedApr 28, 2026

Last enriched2h agov3

Trending Score76

Source articles5

Independent4

Info Completeness10/14

Missing: epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-2441EXPKEV

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Trending: 96

HIGHCVE-2026-7344EXP

CVE-2026-7344: Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had co

Trending: 73

HIGHCVE-2026-7363EXP

CVE-2026-7363: Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execut

Trending: 73

CRITICALCVE-2026-7333EXP

CVE-2026-7333: Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbo

Trending: 69

HIGHCVE-2026-7355EXP

CVE-2026-7355: Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code ins

Trending: 69

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 28, 2026

Discovered by ZDM

Apr 28, 2026

Updated: affectedVersions, severity

Apr 29, 2026

Actively Exploited

Apr 30, 2026

Exploit Available

Apr 30, 2026

Patch Available

Apr 30, 2026

Updated: severity, cvssEstimate, exploitAvailable, activelyExploited

May 1, 2026

Version History

Last enriched 2h ago

v3Tier A2h ago

Updated severity to CRITICAL, CVSS estimate to 9.8, and marked exploit as available and actively exploited.

severitycvssEstimateexploitAvailableactivelyExploited

via Microsoft MSRC

v2Tier C2d ago

Updated affected versions to 147.0.7727.117 and changed severity to CRITICAL.

affectedVersionsseverity

via VulDB

v12d ago

Initial creation