highCVE-2026-15123

Google Chrome DOM Heap Corruption Vulnerability

Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ProductGoogle Chrome
CVSS8.8
EPSS0.00161
UpdatedJuly 10, 2026

Quick answer

Google Chrome should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Google Chrome before 150.0.7871.115

Fixed versions

  • 150.0.7871.115

How to fix it

Google Chrome before 150.0.7871.115 is affected by DOM heap corruption. Update Chrome and Chromium-based browsers immediately, then force users to restart so the patched browser process is active and the DOM fix is actually loaded.

  1. Update Google Chrome to 150.0.7871.115 or later, or the fixed build distributed by the operating system or enterprise browser channel.
  2. Force a browser restart across managed endpoints so old vulnerable renderer and browser processes are closed.
  3. Apply the equivalent update to Chromium-based browsers that may inherit the same affected component.
  4. Prioritize endpoints used for email, administrator consoles, banking, SaaS dashboards, development, and privileged access.
  5. Use MDM, Group Policy, endpoint management, or browser cloud management to block outdated Chrome versions.
  6. Warn users to avoid untrusted links, attachments, extensions, and crafted pages until the DOM update is confirmed.
  7. Review endpoint telemetry for Chrome crashes, exploit alerts, suspicious renderer behavior, or indicators involving DOM.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm chrome://version, enterprise inventory, or endpoint management reports Chrome 150.0.7871.115 or later.
  • Verify all users restarted Chrome after the update and no stale vulnerable processes remain running.
  • Confirm update compliance for Chromium-based browsers and mobile Chrome where applicable.
  • Review browser and EDR telemetry for suspicious DOM crashes or exploit attempts.
  • Run a Fixnx scan and confirm public web properties do not instruct users to keep or install outdated browsers.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-15123?

Google Chrome versions listed as affected should be reviewed: Google Chrome before 150.0.7871.115.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.