CVE-2026-5858
Published: 2026-04-08
Severity: High, CVSS 3.1 base score 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | chromium | < 147.0.7727.55-1 (sid) | 147.0.7727.55-1 (sid) |
| — | chrome | < 147.0.7727.55 | 147.0.7727.55 |
| — | chrome | >= 147.0.7727.55, < 147.0.7727.55 | 147.0.7727.55 |
| — | chrome_chrome | — | — |
CVSS provenance
NVD (CVSS v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
OSV: 8.8 HIGH
Red Hat
Google Chrome: WebML: Chromium: Google Chrome: Arbitrary code execution via heap buffer overflow in WebML
vendor_redhat · 2026-04-08 · CVSS 8.8 · HIGH · CWE-131
A flaw was found in WebML in Google Chrome. A remote attacker could exploit a heap buffer overflow vulnerability by enticing a user to visit a specially crafted HTML page. Successful exploitation of this memory corruption flaw could allow the attacker to execute arbitrary code on the affected system, leading to a complete compromise.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Chrome
Stable Channel Update for Desktop: CVE-2026-5858
vendor_chrome · 2026-04-07 · CVSS 8.8 · CRITICAL
Stable Channel Update for Desktop (excerpt):
CVE-2026-5858: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-17
[$43000][494158331] Critical CVE-2026-5859: Integer overflow in WebML. Reported by Anonymous on 2026-03-19
[$11000][486495143] High CVE-2026-5860: Use after free in WebRTC
Severity: critical
Debian
CVE-2026-5858: chromium - Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a ...
vendor_debian · 2026 · CVSS 8.8 · HIGH
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
GHSA
GHSA-88x7-8x6j-5jw9: Heap buffer overflow in WebML in Google Chrome prior to 147
ghsa_unreviewed · 2026-04-09 · CWE-122
VulDB
Google Chrome up to 146.0.7680.178 WebML heap-based overflow (ID 493319 / WID-SEC-2026-1030)
vuldb · 2026-04-09 · CVSS 8.8 · HIGH
A vulnerability, which was classified as critical, has been found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component WebML. This manipulation causes a heap-based buffer overflow.
This vulnerability is registered as CVE-2026-5858. Remote exploitation of the attack is possible. No exploit is available.
It is advisable to upgrade the affected component.
OSV
CVE-2026-5858: Heap buffer overflow in WebML in Google Chrome prior to 147
osv · 2026-04-08 · CVSS 8.8 · HIGH
No detection rules found.
No public exploits indexed.
Sans Isc
Microsoft Patch Tuesday April 2026 (Tue, Apr 14th)
blogs_sans_isc · 2026-04-14 · CVSS 8.8 · HIGH
Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC
by Johannes Ullrich (Version: 1)
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening.
The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.
Noteworthy Vulnerabilities:
CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love thes
Hackernews
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
blogs_hackernews · 2026-04-13 · CVSS 8.6 · HIGH
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically non-existent.
The variety this week is particularly nasty. We have AI models being turned into autonomous exploit engines, North Korean groups playing the long game
Wiz
CVE-2026-5858 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.8 · HIGH
## CVE-2026-5858: Google Chrome vulnerability analysis and mitigation
Source: NVD
Published: April 8, 2026
CNA Score: N/A
Affected Technologies: Google Chrome, Chromium
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 8.8
Exploitation Probability (EPSS): N/A
Affected packages and libraries: chromium (cpe:2.3:a:google:chrome)
Sources: NVD
Debian 11, 12, 13, 14: No Fix (added Apr 09, 2026)
Echo: No Fix (added Apr 09, 2026)
Linux: Has Fix (added Apr 09, 2026)
Windows: Has Fix (added Apr 09, 2026)
Bugzilla
CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all]
bugzilla · 2026-04-09 · CVSS 8.8 · HIGH
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-2026-952f3c3d9e (chromium-147.0.7727.55-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-952f3c3d9e
---
FEDORA-EPEL-2026-718899309a (chromium-147.0.7727.55-1.el10_3) has been submitted as an update to Fedora EPEL 10.3.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-718899309a
---
FEDORA-EPEL-2026-82b8678fe1 (chromium-147.0.7727.55-1.e
Bugzilla
CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all]
bugzilla · 2026-04-09 · CVSS 8.8 · HIGH
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-EPEL-2026-718899309a (chromium-147.0.7727.55-1.el10_3) has been submitted as an update to Fedora EPEL 10.3.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-718899309a
---
FEDORA-EPEL-2026-4bb81189d7 (chromium-147.0.7727.55-1.el9) has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4bb81189d7
---
FEDORA-2026-f0ab053633 (chromium-147.0.7
Bugzilla
CVE-2026-5858 Google Chrome: WebML: Chromium: Google Chrome: Arbitrary code execution via heap buffer overflow in WebML
bugzilla · 2026-04-08 · CVSS 8.8 · HIGH
Published: 2026-04-08