EUVD-2026-17802CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
AnalysisAI
Remote code execution in Google Chrome prior to version 146.0.7680.178 via use-after-free vulnerability in the Dawn graphics library allows unauthenticated remote attackers to execute arbitrary code through a crafted HTML page. The vulnerability affects all Chrome versions below the patched release and carries high severity per Chromium's assessment.
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH
Stored Cross-Site Scripting in the Google+ Link Name WordPress plugin (versions up to and including 1.0) allows authenti
Vendor StatusVendor
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye (security), bullseye | vulnerable | 120.0.6099.224-1~deb11u1 | - |
| bookworm | vulnerable | 143.0.7499.169-1~deb12u1 | - |
| bookworm (security) | vulnerable | 146.0.7680.164-1~deb12u1 | - |
| trixie | vulnerable | 145.0.7632.159-1~deb13u1 | - |
| trixie (security) | vulnerable | 146.0.7680.164-1~deb13u1 | - |
| forky | vulnerable | 146.0.7680.153-1 | - |
| sid | fixed | 146.0.7680.177-1 | - |
| bullseye | fixed | (unfixed) | end-of-life |
| (unstable) | fixed | 146.0.7680.177-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today