Google Chrome WebRTC Use-After-Free: Remote Code Execution
A critical use-after-free vulnerability, identified as CVE-2026-9120, has been disclosed in Google Chrome’s WebRTC component. The National Vulnerability Database assigns this a CVSS score of 8.8 (High), highlighting its severe impact. This flaw, present in Chrome versions prior to 148.0.7778.179, allows a remote attacker to achieve arbitrary code execution merely by tricking a user into visiting a specially crafted HTML page.
The attacker’s calculus here is straightforward: web browsers are the primary interface to the internet, making them prime targets for client-side exploits. A use-after-free bug, specifically CWE-416, provides a reliable path to memory corruption, often leading directly to arbitrary code execution. For defenders, this means a successful exploit could grant an attacker full control over the user’s browser context, potentially leading to data theft, further network penetration, or system compromise.
This vulnerability underscores the constant battle against browser-based threats. While no specific affected products beyond Google Chrome are noted by the National Vulnerability Database, organizations must prioritize patching. The ease of exploitation via a crafted HTML page makes this a significant threat, requiring immediate attention from security teams.
What This Means For You
- If your organization uses Google Chrome, prioritize updating all endpoints to version 148.0.7778.179 or later immediately. This is not a 'wait and see' situation; a high-severity remote code execution flaw in a widely used browser is a direct threat to your users and network perimeter. Ensure your patch management systems are actively deploying this update.
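As an added example (not code from the original advisory), the following Python script applies the fix threshold stated above to an inventory of Chrome versions; the hostnames, build numbers and the tab-separated inventory format are constructed for illustration.

```python
import re

# First build the advisory names as not affected (versions "prior to" it are vulnerable).
FIXED_VERSION = "148.0.7778.179"


def parse_version(text: str) -> tuple:
    """Pull a dotted build number out of text and return it as a 4-tuple of ints.

    Integer tuples compare numerically, which avoids the common string-comparison
    bug where "99.0.4844.51" would sort after "148.0.7778.179".
    """
    match = re.search(r"\b(\d+(?:\.\d+){1,3})\b", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (4 - len(parts))  # pad short versions such as "147.0"


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the build is older than the fixed build."""
    return parse_version(version) < parse_version(fixed)


def audit(inventory: list) -> dict:
    """Map each 'host<TAB>version' inventory line to whether it still needs the update."""
    results = {}
    for line in inventory:
        host, _, version = line.partition("\t")
        results[host] = is_vulnerable(version)
    return results


# Constructed sample inventory (hypothetical hostnames and build numbers).
SAMPLE_INVENTORY = [
    "ws-0001\tGoogle Chrome 147.0.7700.12",
    "ws-0002\tGoogle Chrome 148.0.7778.179",
    "ws-0003\tGoogle Chrome 148.0.7778.180",
    "ws-0004\tGoogle Chrome 99.0.4844.51",
]

if __name__ == "__main__":
    for host, vulnerable in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {'UPDATE REQUIRED' if vulnerable else 'patched'}")
```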
🛡️ Detection Rules
```yaml
title: CVE-2026-9120 - Google Chrome WebRTC Use-After-Free RCE
id: scw-2026-05-20-ai-1
status: experimental
level: critical
description: |
    Detects the launch of Google Chrome with specific command-line flags potentially indicative of an attempt to exploit the CVE-2026-9120 WebRTC Use-After-Free vulnerability. This vulnerability allows for remote code execution via a crafted HTML page, and this rule looks for a specific, albeit hypothetical, flag combination that might be used in an exploit targeting the WebRTC component.
author: SCW Feed Engine (AI-generated)
date: 2026-05-20
references:
    - https://shimiscyberworld.com/posts/nvd-CVE-2026-9120/
tags:
    - attack.initial_access
    - attack.t1190
logsource:
    category: process_creation
detection:
    selection:
        Image|endswith:
            - 'chrome.exe'
        # Matches only this exact switch sequence; a different order or spacing of the flags will not match.
        CommandLine|contains:
            - 'chrome.exe --flag-switches-begin --enable-features=WebRTCPipeWireCapturer --flag-switches-end'
    condition: selection
falsepositives:
    - Legitimate administrative activity
```
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-9120 | Use After Free | Google Chrome < 148.0.7778.179 |
| CVE-2026-9120 | RCE | WebRTC component in Google Chrome |
| CVE-2026-9120 | Code Injection | crafted HTML page |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 20, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.