CVE-2026-5284

| EUVD-2026-17800 HIGH
2026-04-01 Chrome GHSA-2739-cxg4-jp3j
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch Released
Apr 01, 2026 - 05:15 nvd
Patch available
Analysis Generated
Apr 01, 2026 - 05:15 vuln.today
EUVD ID Assigned
Apr 01, 2026 - 05:15 euvd
EUVD-2026-17800
CVE Published
Apr 01, 2026 - 04:41 nvd
HIGH 7.5

Tags

Google Use After Free RCE Memory Corruption Denial Of Service Debian Redhat Suse

Description

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Analysis

Remote code execution in Google Chrome prior to 146.0.7680.178 via use-after-free vulnerability in Dawn graphics subsystem allows an attacker who has already compromised the renderer process to execute arbitrary code through a crafted HTML page. This vulnerability requires prior renderer compromise but presents significant risk in multi-process exploitation chains; vendor has released patched version 146.0.7680.178 to address the issue.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Vendor Status

Debian

chromium
Release Status Fixed Version Urgency
bullseye (security), bullseye vulnerable 120.0.6099.224-1~deb11u1 -
bookworm vulnerable 143.0.7499.169-1~deb12u1 -
bookworm (security) vulnerable 146.0.7680.164-1~deb12u1 -
trixie vulnerable 145.0.7632.159-1~deb13u1 -
trixie (security) vulnerable 146.0.7680.164-1~deb13u1 -
forky vulnerable 146.0.7680.153-1 -
sid fixed 146.0.7680.177-1 -
bullseye fixed (unfixed) end-of-life
(unstable) fixed 146.0.7680.177-1 -

Share

CVE-2026-5284 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy