Is Use After Free affected by EUVD-2026-14682?

Organizations using Dawn in Google Chrome face significant risk from CVE-2026-4676, a use-after-free vulnerability rated CVSS 8.8. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems.

EUVD-2026-14682

| CVE-2026-4676 HIGH

2026-03-24 Chrome

GHSA-2448-99wr-g9vj

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 24, 2026 - 01:00 nvd

Patch available

Analysis Generated

Mar 24, 2026 - 00:45 vuln.today

EUVD ID Assigned

Mar 24, 2026 - 00:45 euvd

EUVD-2026-14682

CVE Published

Mar 24, 2026 - 00:24 nvd

HIGH 8.8

Description

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Analysis

Sandbox escape in Google Chrome prior to version 146.0.7680.165 via a use-after-free vulnerability in the Dawn graphics component enables remote attackers to execute arbitrary code when users visit malicious HTML pages. The vulnerability affects multiple platforms including Debian systems and requires only user interaction to trigger, bypassing Chrome's sandbox isolation. …

Remediation

Within 7 days: Identify all affected systems running Dawn in Google Chrome and apply vendor patches promptly. If patching is delayed, consider network segmentation to limit exposure.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

Vendor Status

Debian

chromium

Release	Status	Fixed Version	Urgency
bullseye (security), bullseye	vulnerable	120.0.6099.224-1~deb11u1	-
bookworm	vulnerable	143.0.7499.169-1~deb12u1	-
bookworm (security)	vulnerable	146.0.7680.153-1~deb12u1	-
trixie	vulnerable	145.0.7632.159-1~deb13u1	-
trixie (security)	vulnerable	146.0.7680.153-1~deb13u1	-
forky	vulnerable	146.0.7680.153-1	-
sid	fixed	146.0.7680.164-1	-
bullseye	fixed	(unfixed)	end-of-life
(unstable)	fixed	146.0.7680.164-1	-

EUVD-2026-14682 vulnerability details – vuln.today

Back

EUVD-2026-14682

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Debian

Share

EUVD-2026-14682

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Debian

Share

External POC / Exploit Code