DEBIAN-CVE-2026-7929

DEBIAN-CVE-2026-7929 PUBLISHED CVSS 7.5 HIGH

Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	chromium	0, 99.0.4844.84-1, 99.0.4844.84-1
Debian:14	chromium	143.0.7499.192-1, 0, 138.0.7204.183-1
Debian:13	chromium	147.0.7727.55-1, 147.0.7727.55-1, 148.0.7778.96-1
Debian:12	chromium	139.0.7258.127-2, 139.0.7258.127-1, 139.0.7258.127-1

Exploit Intelligence

CVE-2026-7929.json (github-poc)
CVE-2026-7929.json (github-poc)

Timeline

May 6, 2026 CVE Published
May 7, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-7929 advisory

Open in Interactive Console →