CVE-2026-5280: Use after free in Google Chrome
CVE-2026-5280 is a use-after-free vulnerability in the WebCodecs component of Google Chrome versions prior to 146. 0. 7680. 178. This flaw allows a remote attacker to execute arbitrary code within the browser's sandbox by tricking a user into visiting a crafted HTML page. The vulnerability has a high severity rating with a CVSS score of 8. 8, indicating significant potential impact on confidentiality, integrity, and availability. There are no known exploits in the wild at the time of publication. The vulnerability affects desktop versions of Google Chrome and is addressed starting with version 146. 0.
AI Analysis
Technical Summary
A use-after-free vulnerability exists in the WebCodecs component of Google Chrome before version 146.0.7680.178. This vulnerability enables remote code execution inside the sandbox via a crafted HTML page. The CVSS 3.1 base score is 8.8, reflecting network attack vector, low attack complexity, no privileges required, user interaction needed, unchanged scope, and high impact on confidentiality, integrity, and availability. The vulnerability was publicly disclosed on April 1, 2026, and no known exploits have been reported. The affected product is Google Chrome, a widely used web browser.
Potential Impact
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code within the sandboxed environment of Google Chrome, potentially compromising the confidentiality, integrity, and availability of the affected system. Since the attack requires user interaction (visiting a malicious HTML page), the risk is mitigated by user caution but remains significant due to the high impact score.
Mitigation Recommendations
The vulnerability affects Google Chrome versions prior to 146.0.7680.178. Users and administrators should update to version 146.0.7680.178 or later to remediate this issue. Patch status is not explicitly confirmed in the provided data; therefore, it is recommended to consult the official Google Chrome security advisories for the latest remediation information. No additional mitigations are specified in the available data.
CVE-2026-5280: Use after free in Google Chrome
Description
CVE-2026-5280 is a use-after-free vulnerability in the WebCodecs component of Google Chrome versions prior to 146. 0. 7680. 178. This flaw allows a remote attacker to execute arbitrary code within the browser's sandbox by tricking a user into visiting a crafted HTML page. The vulnerability has a high severity rating with a CVSS score of 8. 8, indicating significant potential impact on confidentiality, integrity, and availability. There are no known exploits in the wild at the time of publication. The vulnerability affects desktop versions of Google Chrome and is addressed starting with version 146. 0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
A use-after-free vulnerability exists in the WebCodecs component of Google Chrome before version 146.0.7680.178. This vulnerability enables remote code execution inside the sandbox via a crafted HTML page. The CVSS 3.1 base score is 8.8, reflecting network attack vector, low attack complexity, no privileges required, user interaction needed, unchanged scope, and high impact on confidentiality, integrity, and availability. The vulnerability was publicly disclosed on April 1, 2026, and no known exploits have been reported. The affected product is Google Chrome, a widely used web browser.
Potential Impact
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code within the sandboxed environment of Google Chrome, potentially compromising the confidentiality, integrity, and availability of the affected system. Since the attack requires user interaction (visiting a malicious HTML page), the risk is mitigated by user caution but remains significant due to the high impact score.
Mitigation Recommendations
The vulnerability affects Google Chrome versions prior to 146.0.7680.178. Users and administrators should update to version 146.0.7680.178 or later to remediate this issue. Patch status is not explicitly confirmed in the provided data; therefore, it is recommended to consult the official Google Chrome security advisories for the latest remediation information. No additional mitigations are specified in the available data.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-03-31T20:07:12.932Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69cca4c0e6bfc5ba1d993065
Added to database: 4/1/2026, 4:53:20 AM
Last enriched: 4/8/2026, 6:37:29 AM
Last updated: 5/21/2026, 11:56:41 AM
Views: 73
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.