Introduction
A critical memory corruption flaw in Google Chrome's Prerender feature allows remote code execution through nothing more than a crafted HTML page, and the victim's browser can begin executing the malicious payload before the user even clicks a link. With Chrome commanding roughly 66.7% of the global desktop browser market as of March 2026, CVE-2026-6299 represents a significant exposure surface that security teams need to address promptly through patching or targeted workarounds.
Technical Information
Root Cause: Synchronous Destruction of a Live WebContents
CVE-2026-6299 is classified as CWE-416, Use After Free. The vulnerability lives in Chrome's Prerender subsystem, specifically in how PrerenderNewTabHandle was destroyed during certain cancellation paths.
Prerendering is a performance optimization where Chrome opens a page in a hidden background tab and fully executes its contents before the user navigates to it. This is designed to make page transitions feel instant. The feature can be triggered through several mechanisms:
- Speculation Rules API: Web developers embed JSON instructions in their pages telling Chrome which URLs to prerender.
- Omnibox Predictions: Chrome may automatically prerender a URL if it has high confidence the user will visit it, based on browsing history or search terms.
- Bookmark Hovering: Chrome may prerender a page when a user holds their pointer over a bookmark.
The core issue is a lifetime management bug. When a prerender for a new tab was cancelled (for instance, by BrowsingDataRemoverImpl::RemoveImpl, which can be triggered via a Clear-Site-Data HTTP header), the PrerenderNewTabHandle and its owned WebContentsImpl were destroyed synchronously. The problem is that BrowsingDataRemoverImpl iterates over a snapshot of raw pointers to all live WebContents objects. Destroying one of those objects mid iteration left a dangling pointer in the snapshot, producing a classic Use After Free condition.
Attack Flow
- An attacker hosts a crafted HTML page designed to trigger the vulnerable code path in the Prerender component.
- The victim's browser is induced to prerender this malicious page. This can happen through speculation rules on a page the victim visits, through Omnibox prediction if the attacker can influence browsing patterns, or through other prerender triggers.
- During prerendering, the crafted page triggers a condition (such as a
Clear-Site-Dataheader in a response) that causesBrowsingDataRemoverImpl::RemoveImplto cancel the prerender. - The synchronous destruction of
PrerenderNewTabHandleand its ownedWebContentsImplcorrupts the raw pointer snapshot being iterated byBrowsingDataRemoverImpl. - The attacker leverages the resulting dangling pointer to achieve arbitrary code execution.
Because prerendered pages execute in the background, the malicious HTML can trigger the Use After Free and achieve code execution before the user explicitly clicks a link to the attacker controlled destination. The CVSS v3.1 vector reflects this: network delivery, low attack complexity, no privileges required, with user interaction required (the user must visit a page that triggers the prerender).
Patch Information
Google addressed CVE-2026-6299 in commit 8c1ead5a699f53f1915f3187d2bcfac725c46815, authored by Hiroki Nakagawa ([email protected]) on March 30, 2026. The fix shipped in the Chrome 147.0.7727.101/.102 stable channel release on April 15, 2026. The commit was reviewed via Chromium Gerrit CL #7710193 and references Chromium bug 497053588. Five files were modified across the content/browser/preloading/prerender/ directory.
The fix restructures the destruction path in three key ways.
1. Ownership Transfer via a New Static Method
The old instance method PrerenderNewTabHandle::CancelPrerendering() was replaced with a static method CancelPrerenderingAndDestroy() that explicitly takes ownership of the handle via std::unique_ptr. By moving ownership into the static function, the caller can no longer accidentally access the object after cancellation:
// Before (instance method, handle stays alive in caller's scope): handle->CancelPrerendering(reason); // After (static method consumes ownership): PrerenderNewTabHandle::CancelPrerenderingAndDestroy(std::move(handle), reason);
2. Deferred Destruction via DeleteSoon()
Inside the new static method, for general cancellation cases, the handle is no longer destroyed immediately. Instead, base::SingleThreadTaskRunner::GetCurrentDefault()->DeleteSoon() schedules the handle's destruction on the next message loop iteration. This ensures the WebContentsImpl owned by the handle survives long enough for any in progress iteration over WebContents raw pointers to complete safely:
// From prerender_new_tab_handle.cc — the core of the fix: if (reason.final_status() == PrerenderFinalStatus::kSpeculationRuleRemoved) { // Defer destruction until the pagehide event is fired. registry.SchedulePendingDeletionPrerenderNewTabHandle( base::PassKey<PrerenderNewTabHandle>(), std::move(handle)); } else { // Defer destruction to avoid synchronous destruction of WebContentsImpl. // Prevents Use-After-Free during iteration (e.g., BrowsingDataRemoverImpl). base::SingleThreadTaskRunner::GetCurrentDefault()->DeleteSoon( FROM_HERE, std::move(handle)); } registry.CancelHost(host_id, reason);
3. Consolidated Logic and PassKey Access Control
Previously, the branching logic for different cancellation reasons lived inside PrerenderHostRegistry. The patch moves this decision into CancelPrerenderingAndDestroy, centralizing the lifetime management. To support this, SchedulePendingDeletionPrerenderNewTabHandle was moved from a private method on the registry to a public method guarded by base::PassKey<PrerenderNewTabHandle>, ensuring only PrerenderNewTabHandle itself can invoke the deferred deletion path:
// In prerender_host_registry.h — moved from private to public with PassKey guard: void SchedulePendingDeletionPrerenderNewTabHandle( base::PassKey<PrerenderNewTabHandle>, std::unique_ptr<PrerenderNewTabHandle> handle);
The corresponding call site in prerender_host_registry.cc was dramatically simplified; the old eight line if/else block was replaced with a single call that delegates all lifetime decisions to the handle itself.
The commit also includes a new browser test NewTabPrerenderCancellationByBrowsingDataRemover that exercises the exact trigger scenario: it starts a new tab prerender, invokes BrowsingDataRemover::RemoveAndReply(), and asserts that the prerender's WebContents is destroyed safely without a crash. This test directly validates that the Clear Site Data / browsing data removal path no longer triggers the UAF.
Affected Systems and Versions
The vulnerability affects Google Chrome on all desktop platforms:
| Operating System | Vulnerable Versions | Fixed Version |
|---|---|---|
| Windows | All versions prior to 147.0.7727.101 | 147.0.7727.101 or 147.0.7727.102 |
| macOS | All versions prior to 147.0.7727.101 | 147.0.7727.101 or 147.0.7727.102 |
| Linux | All versions prior to 147.0.7727.101 | 147.0.7727.101 |
Any Chrome installation with the Preload pages setting enabled (the default) is exposed to this attack vector. Chromium based browsers that incorporate the affected Prerender code may also be vulnerable, though vendor specific advisories should be consulted.
Vendor Security History
Google maintains a highly mature security posture for the Chromium project. The vendor operates a robust Vulnerability Reward Program that provides monetary awards and public recognition for responsibly disclosed security flaws. Google actively utilizes advanced memory safety testing tools during the development cycle, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, and fuzzing engines like libFuzzer and AFL.
Google employs a strict disclosure policy where access to bug details and links is kept restricted until a majority of users are updated with a fix. The Chromium issue tracker ticket for this vulnerability (497053588) remains restricted at the time of writing.
References
- NVD: CVE-2026-6299
- Chrome Releases: Stable Channel Update for Desktop (April 15, 2026)
- Chromium Issue Tracker: Bug 497053588
- Chromium Commit 8c1ead5a699f
- Chromium Commit Diff
- Chromium Gerrit CL #7710193
- Chrome Developer Docs: Prerender Pages
- Chrome Vulnerability Reward Program Rules
- Statcounter: Browser Market Share (March 2026)
