CVE-2026-7342
Published: 28 April 2026
Summary
CVE-2026-7342 is a high-severity Use After Free (CWE-416) vulnerability in Google Chrome. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE ranks at the 31.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-7342 is a use-after-free vulnerability (CWE-416) in the WebView component of Google Chrome on Android prior to version 147.0.7727.138. Published on 2026-04-28, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is classified as High severity by Chromium security.
A remote attacker can exploit this issue by crafting an HTML page that triggers the use-after-free condition when rendered in WebView. This requires user interaction, such as visiting a malicious site, and enables arbitrary code execution confined within the browser's sandbox.
Google addresses this vulnerability in Chrome for Android version 147.0.7727.138. Additional details on the patch and stable channel update are available in the Chrome Releases blog at https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html and the Chromium issue tracker at https://issues.chromium.org/issues/503889643.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26168
Vulnerability details
Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A use-after-free in the browser's WebView enables arbitrary code execution via a crafted malicious webpage that the user must visit, which maps directly to drive-by compromise and client-side exploitation.
Mitigating Controls (NIST 800-53 r5)
Timely flaw remediation, by applying Chrome version 147.0.7727.138, directly eliminates the use-after-free vulnerability and so prevents the sandboxed code execution.
Memory protection safeguards such as ASLR, DEP, and stack canaries directly mitigate use-after-free exploits by preventing unauthorized code execution from corrupted memory.
Vulnerability scanning identifies Android systems running vulnerable Chrome WebView versions prior to 147.0.7727.138 for targeted patching.