CVE-2026-9887: Use after free in Proxy

Q: What is the severity of CVE-2026-9887?

The severity of CVE-2026-9887 is classified as high with a CVSS score of 8.8.

Q: How do I fix CVE-2026-9887?

To fix CVE-2026-9887, update Google Chrome to version 148.0.7778.216 or later.

Q: What type of vulnerability is CVE-2026-9887?

CVE-2026-9887 is a use after free vulnerability found in the Proxy component of Chromium.

Q: Which software is affected by CVE-2026-9887?

CVE-2026-9887 affects Google Chrome prior to version 148.0.7778.216 and Microsoft Edge (Chromium-based) versions that include the affected Chromium.

Q: When was CVE-2026-9887 published?

CVE-2026-9887 was published on May 8, 2026.

Published May 8, 2026

Updated

Chromium: CVE-2026-9887 Use after free in Proxy

Other sources

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

— Microsoft

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. (Chromium security severity: Critical)

— NVD

Credit

Google

Affected Software

8 affected componentsFixes available

Google Google Chrome<148.0.7778.216

All of the following

Google Chrome<148.0.7778.216

Microsoft Windows

All of the following

Google Chrome<148.0.7778.215

Any of the following

Apple macOS

Linux Linux kernel

Microsoft Edge (Chromium-based)

Patch available

Microsoft Edge<148.0.3967.96

Event History

May 28, 2026

CVE Published

via MITRE·10:25 PM

Data Sourced

via MITRE·10:25 PM

DescriptionWeakness

Data Sourced

via NVD·11:16 PM

DescriptionSeverityWeaknessAffected Software

May 29, 2026

Data Sourced

via Microsoft·11:19 PM

DescriptionSeverityWeaknessAffected Software

Updated

via Microsoft·11:19 PM

DescriptionAffected Software

Jun 3, 2026

Data Sourced

12:00 AM

SeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

2263404209181841280

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2026-9887?

The severity of CVE-2026-9887 is classified as high with a CVSS score of 8.8.

How do I fix CVE-2026-9887?

To fix CVE-2026-9887, update Google Chrome to version 148.0.7778.216 or later.

What type of vulnerability is CVE-2026-9887?

CVE-2026-9887 is a use after free vulnerability found in the Proxy component of Chromium.

Which software is affected by CVE-2026-9887?

CVE-2026-9887 affects Google Chrome prior to version 148.0.7778.216 and Microsoft Edge (Chromium-based) versions that include the affected Chromium.

When was CVE-2026-9887 published?

CVE-2026-9887 was published on May 8, 2026.

CVE-2026-9887: Use after free in Proxy

Other sources

Credit

Affected Software

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2026-9887?

How do I fix CVE-2026-9887?

What type of vulnerability is CVE-2026-9887?

Which software is affected by CVE-2026-9887?

When was CVE-2026-9887 published?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2026-9887?

How do I fix CVE-2026-9887?

What type of vulnerability is CVE-2026-9887?

Which software is affected by CVE-2026-9887?

When was CVE-2026-9887 published?