cve-2026-7975

CVE-2026-7975 is a Chromium use-after-free vulnerability in DevTools, disclosed by Google and Microsoft on May 6, 2026. The flaw was fixed in Google Chrome before version 148.0.7778.96 and also affects Chromium-based Microsoft Edge. While Chromium rates it as Medium severity, CISA's ADP scoring assigns an 8.3 High CVSS 3.1 score because the bug could help an attacker escape Chrome's sandbox after a renderer compromise. This highlights the importance of fast patching, as attackers chain multiple bugs together to achieve full compromise. WindowsForum discussions emphasize that even medium-rated browser bugs need prompt attention to prevent sandbox escapes and maintain security.