CVE Catalog

CVE-2026-10945

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

34th percentile - higher than 34% of all known CVEs

Summary

Use after free in PDF in Google Chrome prior to version 149.0.7827.53 allows a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file.

Risk Assessment

An attacker can exploit this vulnerability to execute malicious code, potentially leading to system compromise and data leakage.

Recommendation

It is recommended to update Google Chrome to the latest version to mitigate this vulnerability and implement additional security measures, such as restricting the opening of PDF files from unknown sources.

Original NVD description (English source)

Use after free in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS