Cyber Resilience

CVE-2026-7343

High

Published: 28 April 2026

Published
28 April 2026
Modified
30 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0021 43.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7343 is a high-severity Use After Free (CWE-416) vulnerability in Google Chrome. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 43.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-39 (Process Isolation).

Deeper analysis

CVE-2026-7343 is a use-after-free vulnerability (CWE-416) in the Views component of Google Chrome on Windows, affecting versions prior to 147.0.7727.138. Published on 2026-04-28, this critical Chromium security issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

A remote attacker who has already compromised the renderer process can exploit the vulnerability via a crafted HTML page to potentially achieve a sandbox escape. The attack vector requires network access with high complexity, no privileges, and user interaction, leading to high impacts on confidentiality, integrity, and availability within unchanged scope.

Mitigation is available in Google Chrome version 147.0.7727.138 and later. Advisories detail the patch in the Chrome Releases stable channel update at https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html and the associated Chromium issue at https://issues.chromium.org/issues/503645680.

EU & UK References

Vulnerability details

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Use-after-free in Chrome renderer enables sandbox escape after initial renderer compromise, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-9970Same product: Apple Macos
CVE-2026-7919Same product: Apple Macos
CVE-2026-9931Same product: Apple Macos
CVE-2026-7985Same product: Apple Macos
CVE-2026-9997Same product: Apple Macos
CVE-2026-8514Same product: Apple Macos
CVE-2026-4456Same product: Apple Macos
CVE-2026-9891Same product: Apple Macos
CVE-2026-9925Same product: Apple Macos
CVE-2026-9946Same product: Apple Macos

Affected Assets

google
chrome
≤ 147.0.7727.138

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of flaws, directly addressing the use-after-free vulnerability patched in Chrome version 147.0.7727.138.

prevent

Implements memory protection mechanisms that mitigate exploitation of use-after-free errors in the renderer process.

prevent

Enforces process isolation to limit the impact of sandbox escapes from a compromised renderer process.

References