CVE-2026-3539 — Use of Object without Invoking Destructor Method in Google Chrome

CWE-1091 — Use of Object without Invoking Destructor Method9 documents9 sources

Severity

8.8HIGHNVD

EPSS

0.0%

top 99.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium

Timeline

PublishedMar 4

Latest updateMar 20

Description

Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/chrome145.0.7632.159 — 145.0.7632.159

▶NVDgoogle/chrome< 145.0.7632.159

▶Debianchromium/chromium< 145.0.7632.159-1~deb12u1+2

🔴Vulnerability Details

OSV

CVE-2026-3539: Object lifecycle issue in DevTools in Google Chrome prior to 145↗2026-03-04

▶

GHSA

GHSA-v9p5-c4x3-2554: Object lifecycle issue in DevTools in Google Chrome prior to 145↗2026-03-04

▶

CVEList

CVE-2026-3539: Object lifecycle issue in DevTools in Google Chrome prior to 145↗2026-03-04

▶

📋Vendor Advisories

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2026-3539↗2026-03-20

▶

Microsoft

Chromium: CVE-2026-3539 Object lifecycle issue in DevTools↗2026-03-10

▶

Red Hat

chromium-browser: Object lifecycle issue in DevTools↗2026-03-03

▶

Debian

CVE-2026-3539: chromium - Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allo...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-3539 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶