CVE-2026-5290

| EUVD-2026-17809 CRITICAL
2026-04-01 Chrome GHSA-3rff-rg87-9c8x
9.6
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch Released
Apr 01, 2026 - 05:15 nvd
Patch available
Analysis Generated
Apr 01, 2026 - 05:15 vuln.today
EUVD ID Assigned
Apr 01, 2026 - 05:15 euvd
EUVD-2026-17809
CVE Published
Apr 01, 2026 - 04:41 nvd
CRITICAL 9.6

Tags

Google Use After Free Denial Of Service Memory Corruption Debian Suse

Description

Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Analysis

Use-after-free in Chrome's compositing engine allows remote attackers who have compromised the renderer process to escape the sandbox via crafted HTML pages in Google Chrome prior to version 146.0.7680.178. This high-severity vulnerability requires prior renderer compromise but enables privilege escalation from the sandboxed renderer to system-level access, making it a critical sandbox bypass vector. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

48
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +48
POC: 0

Vendor Status

Debian

chromium
Release Status Fixed Version Urgency
bullseye (security), bullseye vulnerable 120.0.6099.224-1~deb11u1 -
bookworm vulnerable 143.0.7499.169-1~deb12u1 -
bookworm (security) vulnerable 146.0.7680.164-1~deb12u1 -
trixie vulnerable 145.0.7632.159-1~deb13u1 -
trixie (security) vulnerable 146.0.7680.164-1~deb13u1 -
forky vulnerable 146.0.7680.153-1 -
sid fixed 146.0.7680.177-1 -
bullseye fixed (unfixed) end-of-life
(unstable) fixed 146.0.7680.177-1 -

Share

CVE-2026-5290 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy