What is GHSA-3prp-9628-vjqf?

GHSA-3prp-9628-vjqf is a security advisory published by GitHub Security Advisories with High severity. Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker...

Which CVE IDs does GHSA-3prp-9628-vjqf cover?

GHSA-3prp-9628-vjqf covers the following CVE IDs: CVE-2026-9964. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-3prp-9628-vjqf?

GHSA-3prp-9628-vjqf has a CVSS v3 base score of 8.1, published by GitHub Security Advisories.

GHSA-3prp-9628-vjqfHighCVSS 8.1

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-9964 →

📋 Description

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-9964
https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html
https://issues.chromium.org/issues/505190999
https://github.com/advisories/GHSA-3prp-9628-vjqf