Chrome 'Use-After-Free' Bug: High Severity RCE Risk

A critical ‘use-after-free’ vulnerability, identified as CVE-2026-6360, has been reported in Google Chrome’s FileSystem component. According to the National Vulnerability Database, this flaw impacts Chrome versions prior to 147.0.7727.101. This type of bug, classified as CWE-416, can be a real headache, often leading to memory corruption and, in the worst cases, arbitrary code execution.

The National Vulnerability Database detailed that a remote attacker could potentially exploit this vulnerability by enticing a user to visit a specially crafted HTML page. The Chromium security team has assigned this a ‘High’ severity rating, underscoring the potential for significant impact. With a CVSS v3.1 score of 8.8, this isn’t just a theoretical threat; it’s a prime target for threat actors looking for a reliable way to gain a foothold.
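For triage against the fixed build named above, the following added example (not from the original page, NVD or Google) classifies observed Chrome versions relative to 147.0.7727.101. Host names, source labels and sample version strings are constructed; it also handles Chrome's reduced User-Agent format, which reports only the major version and so cannot confirm the patch on major 147.

```python
import re

# Fixed build named in the advisory above; earlier builds are affected.
FIXED = (147, 0, 7727, 101)
_UA_RE = re.compile(r"\bChrome/(\d+(?:\.\d+){0,3})")
_VER_RE = re.compile(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.(\d+))?\s*")


def parse_version(text):
    """Return a 4-tuple of ints for a dotted version string, or None."""
    m = _VER_RE.fullmatch(text)
    if not m:
        return None
    return tuple(int(p) if p is not None else 0 for p in m.groups())


def classify(value, from_user_agent=False):
    """Return 'vulnerable', 'patched', 'indeterminate' or 'unparsed'."""
    if from_user_agent:
        m = _UA_RE.search(value)
        if not m:
            return "unparsed"
        value = m.group(1)
    v = parse_version(value)
    if v is None:
        return "unparsed"
    # Chrome's reduced User-Agent reports MAJOR.0.0.0, so a UA on the fixed
    # major cannot show whether the patched build is installed.
    if from_user_agent and v[1:] == (0, 0, 0) and v[0] == FIXED[0]:
        return "indeterminate"
    return "vulnerable" if v < FIXED else "patched"


# Constructed sample observations (host, source, value); not real telemetry.
SAMPLE = [
    ("ws-01", "inventory", "147.0.7727.101"),
    ("ws-02", "inventory", "147.0.7727.55"),
    ("ws-03", "inventory", "146.0.7680.178"),
    ("ws-04", "proxy-ua", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
     "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"),
    ("ws-05", "proxy-ua", "Mozilla/5.0 (X11; Linux x86_64) Chrome/145.0.0.0"),
    ("ws-06", "inventory", "unknown"),
]


def triage(rows):
    """Map each host to its verdict; 'proxy-ua' rows are parsed as User-Agents."""
    return {h: classify(v, from_user_agent=(s == "proxy-ua")) for h, s, v in rows}
```

Hosts that come back `indeterminate` need a full version from endpoint inventory before they can be closed out.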

🛡️ Detection Rules

high T1190 Initial Access

Web Application Exploitation Attempt — CVE-2026-6360

Indicators of Compromise

| ID | Type | Indicator |
| --- | --- | --- |
| CVE-2026-6360 | Use After Free | Google Chrome < 147.0.7727.101 |
| CVE-2026-6360 | Memory Corruption | FileSystem component in Google Chrome |
| CVE-2026-6360 | RCE | Exploitation via crafted HTML page |
