2477701 – (CVE-2026-8521) CVE-2026-8521 chromium-browser: chromium-browser: Use after free in Tab Groups

Bug 2477701 (CVE-2026-8521) - CVE-2026-8521 chromium-browser: chromium-browser: Use after free in Tab Groups

Summary: CVE-2026-8521 chromium-browser: chromium-browser: Use after free in Tab Groups

Keywords:
Status:	NEW
Alias:	CVE-2026-8521
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2477796 2477797
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-14 21:05 UTC by OSIDB Bzimport
Modified:	2026-05-15 07:19 UTC (History)
CC List:	66 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-14 21:05:11 UTC

Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Note You need to log in before you can comment on or make changes to this bug.

aadhikar
anpicker
anthomas
bdettelb
bparees
brasmith
bsmejkal
cochase
dbosanac
derez
doconnor
dranck
dschmidt
eborisov
ehelms
erezende
ggainey
gotiwari
hasun
jachapma
jcantril
jfula
jgrulich
jhorak
jkoehler
jlanda
jowilson
jreimann
juwatts
kshier
lball
lphiri
mdessi
mhulan
mreynolds
mrizzi
mvyas
ngough
nmoumoul
nyancey
ometelka
osousa
pcattana
pcreech
progier
ptisnovs
rchan
rhel-process-autobot
rjohnson
rojacob
simaishi
smallamp
smcdonal
snegrini
spichugi
stcannon
syedriko
tbordaz
teagle
tmalecek
tpopela
vashirov
veshanka
watson-tool-maintainers
xdharmai
yguenane