CVE-2026-5278: Use after free in Google Chrome
CVE-2026-5278 is a use-after-free vulnerability in the Web MIDI component of Google Chrome on Android versions prior to 146. 0. 7680. 178. This flaw allows a remote attacker to execute arbitrary code by convincing a user to visit a crafted HTML page. The vulnerability has a high severity rating with a CVSS score of 8. 8. It affects Chrome on Android and requires user interaction to exploit. No known exploits in the wild have been reported at this time. The vulnerability is addressed in Chrome version 146.
AI Analysis
Technical Summary
This vulnerability involves a use-after-free condition in the Web MIDI implementation of Google Chrome on Android devices. An attacker can exploit this by delivering a specially crafted HTML page that triggers the use-after-free, enabling arbitrary code execution within the context of the browser. The issue affects Chrome versions prior to 146.0.7680.178 and has been assigned a high severity rating (CVSS 8.8).
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary code on the affected Android device via the Chrome browser, potentially leading to full compromise of the browser process. This can result in confidentiality, integrity, and availability impacts as indicated by the CVSS vector (C:H/I:H/A:H).
Mitigation Recommendations
Users should update Google Chrome on Android to version 146.0.7680.178 or later, where this vulnerability is fixed. Since this is a client-side vulnerability requiring user interaction, avoiding untrusted or suspicious web content until patched can reduce risk. Patch status is confirmed by the version information; updating to the fixed version is the recommended remediation.
CVE-2026-5278: Use after free in Google Chrome
Description
CVE-2026-5278 is a use-after-free vulnerability in the Web MIDI component of Google Chrome on Android versions prior to 146. 0. 7680. 178. This flaw allows a remote attacker to execute arbitrary code by convincing a user to visit a crafted HTML page. The vulnerability has a high severity rating with a CVSS score of 8. 8. It affects Chrome on Android and requires user interaction to exploit. No known exploits in the wild have been reported at this time. The vulnerability is addressed in Chrome version 146.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a use-after-free condition in the Web MIDI implementation of Google Chrome on Android devices. An attacker can exploit this by delivering a specially crafted HTML page that triggers the use-after-free, enabling arbitrary code execution within the context of the browser. The issue affects Chrome versions prior to 146.0.7680.178 and has been assigned a high severity rating (CVSS 8.8).
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary code on the affected Android device via the Chrome browser, potentially leading to full compromise of the browser process. This can result in confidentiality, integrity, and availability impacts as indicated by the CVSS vector (C:H/I:H/A:H).
Mitigation Recommendations
Users should update Google Chrome on Android to version 146.0.7680.178 or later, where this vulnerability is fixed. Since this is a client-side vulnerability requiring user interaction, avoiding untrusted or suspicious web content until patched can reduce risk. Patch status is confirmed by the version information; updating to the fixed version is the recommended remediation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-03-31T20:07:12.284Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69cca4c0e6bfc5ba1d99305d
Added to database: 4/1/2026, 4:53:20 AM
Last enriched: 4/8/2026, 6:37:18 AM
Last updated: 5/21/2026, 7:15:29 PM
Views: 53
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.