CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 127 of 148
- CVE-2026-13804HIGHCVSS 8.3EG 8.32026-06-30
Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13805HIGHCVSS 8.8EG 8.82026-06-30
Use after free in GFX in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13807HIGHCVSS 7.5EG 7.52026-06-30
Use after free in Import in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. (Chromium security severity: High)
- CVE-2026-13811HIGHCVSS 8.8EG 8.82026-06-30
Use after free in IME in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13814HIGHCVSS 7.5EG 7.52026-06-30
Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: H…
- CVE-2026-13815HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13821HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13823HIGHCVSS 8.3EG 8.32026-06-30
Use after free in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13827HIGHCVSS 7.8EG 7.82026-06-30
Use after free in Updater in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)
- CVE-2026-13830HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)
- CVE-2026-13831HIGHCVSS 7.5EG 7.52026-06-30
Out of bounds read and write in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:…
- CVE-2026-13832HIGHCVSS 8.3EG 8.32026-06-30
Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13844HIGHCVSS 7.8EG 7.82026-06-30
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
- CVE-2026-13845HIGHCVSS 8.8EG 8.82026-06-30
Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13846CRITICALCVSS 9.6EG 9.62026-06-30
Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13848HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Forms in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13853CRITICALCVSS 9.6EG 9.62026-06-30
Use after free in Journeys in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13854CRITICALCVSS 9.6EG 9.62026-06-30
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13855HIGHCVSS 7.5EG 7.52026-06-30
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13861CRITICALCVSS 9.6EG 9.62026-06-30
Use after free in Core in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13869CRITICALCVSS 9.6EG 9.62026-06-30
Use after free in Device in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Me…
- CVE-2026-13870HIGHCVSS 8.8EG 8.82026-06-30
Use after free in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13878CRITICALCVSS 9.6EG 9.62026-06-30
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Med…
- CVE-2026-13879MEDIUMCVSS 6.5EG 6.52026-06-30
Use after free in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: M…
- CVE-2026-13880CRITICALCVSS 9.6EG 9.62026-06-30
Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13885HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Skia in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13888HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13898HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Cast Receiver in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13899HIGHCVSS 8.8EG 8.82026-06-30
Use after free in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13915HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium secu…
- CVE-2026-13918HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13965HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Oilpan in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14005HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Omnibox in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium securit…
- CVE-2026-14006HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Navigation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14018HIGHCVSS 7.8EG 7.82026-06-30
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)
- CVE-2026-14024HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security se…
- CVE-2026-14025HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security seve…
- CVE-2026-14027HIGHCVSS 8.8EG 8.82026-06-30
Use after free in SignIn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: …
- CVE-2026-14032HIGHCVSS 8.1EG 8.12026-06-30
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low)
- CVE-2026-14040HIGHCVSS 8.8EG 8.82026-06-30
Use after free in BrowserTag in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severi…
- CVE-2026-14043CRITICALCVSS 9.6EG 9.62026-06-30
Use after free in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14044CRITICALCVSS 9.6EG 9.62026-06-30
Use after free in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14048MEDIUMCVSS 6.5EG 6.52026-06-30
Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: …
- CVE-2026-14064HIGHCVSS 7.5EG 7.52026-06-30
Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: …
- CVE-2026-14067HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14091HIGHCVSS 8.8EG 8.82026-06-30
Use after free in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14093CRITICALCVSS 9.6EG 9.62026-06-30
Use after free in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14094HIGHCVSS 7.8EG 7.82026-06-30
Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)
- CVE-2026-14099HIGHCVSS 8.8EG 8.82026-06-30
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium secu…
- CVE-2026-14102HIGHCVSS 8.8EG 8.82026-07-01
Use after free in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →