highCVE-2026-15129

Google Chrome Views Use-After-Free Heap Corruption Vulnerability

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

ProductGoogle Chrome
CVSS8.8
EPSS0.00179
UpdatedJuly 10, 2026

Quick answer

Google Chrome should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Google Chrome before 150.0.7871.115

Fixed versions

  • 150.0.7871.115

How to fix it

Google Chrome before 150.0.7871.115 is affected by Views use-after-free heap corruption. Update Chrome or Chromium-based browsers immediately and make sure users restart the browser so the fixed build is active.

  1. Update Google Chrome to 150.0.7871.115 or later, or the fixed platform build provided by the vendor.
  2. Force browser restart across managed endpoints so the updated binary is actually running.
  3. Apply the matching update to Chromium-based browsers that inherit the affected component.
  4. Prioritize systems used for email, admin consoles, SaaS dashboards, and other high-value browser workflows.
  5. Use enterprise browser management to block outdated versions and verify update compliance.
  6. Warn users not to open untrusted links or attachments until Chrome updates are confirmed.
  7. Review endpoint telemetry for renderer crashes, suspicious crafted HTML activity, or exploit indicators involving Views.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm chrome://version or enterprise inventory reports Chrome 150.0.7871.115 or later.
  • Verify managed update policy shows no endpoints stuck on the vulnerable version.
  • Confirm users restarted Chrome after the update.
  • Review security telemetry for Views crashes or suspicious browser exploit attempts.
  • Run a Fixnx scan and confirm public web assets do not encourage users to run outdated browsers.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-15129?

Google Chrome versions listed as affected should be reviewed: Google Chrome before 150.0.7871.115.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.