CVE-2026-5861
published 2026-04-08CVE-2026-5861: Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | chromium | < chromium 147.0.7727.55-1 (sid) | chromium 147.0.7727.55-1 (sid) |
| chrome | < 147.0.7727.55 | 147.0.7727.55 | |
| chrome | >= 147.0.7727.55 < 147.0.7727.55 | 147.0.7727.55 | |
| chrome_chrome | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
Red Hat
chromium-browser: Use after free in V8
vendor_redhat·2026-04-07·CVSS 8.8
CVE-2026-5861 [HIGH] CWE-825 chromium-browser: Use after free in V8
chromium-browser: Use after free in V8
An use after free flaw was found in the V8 component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=486927780
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Chrome
Stable Channel Update for Desktop: CVE-2026-5861
vendor_chrome·2026-04-07·CVSS 8.8
CVE-2026-5861 [HIGH] Stable Channel Update for Desktop: CVE-2026-5861
Stable Channel Update for Desktop
CVE-2026-5861: Use after free in V8. Reported by 5shain on 2026-02-23 [TBD][ 470566252 ] High CVE-2026-5862: Inappropriate implementation in V8
Reported by Google on 2025-12-21 [TBD][ 484527367 ] High CVE-2026-5863: Inappropriate implementation in V8
Severity: high
Debian
CVE-2026-5861: chromium - Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote at...
vendor_debian·2026·CVSS 8.8
CVE-2026-5861 [HIGH] CVE-2026-5861: chromium - Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote at...
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
Citrix
Citrix Security Bulletin CTX111186
vendor_citrix·CVSS 7.5
CVE-2006-5821 [HIGH] Citrix Security Bulletin CTX111186
Citrix Security Bulletin CTX111186
CVE References: CVE-2006-5821, CVE-2006-5861, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-9jm7-cgmm-6qg2: Use after free in V8 in Google Chrome prior to 147
ghsa_unreviewed·2026-04-09
CVE-2026-5861 CWE-416 GHSA-9jm7-cgmm-6qg2: Use after free in V8 in Google Chrome prior to 147
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
VulDB
Google Chrome up to 146.0.7680.178 V8 use after free (ID 486927 / WID-SEC-2026-1030)
vuldb·2026-04-09·CVSS 8.8
CVE-2026-5861 [HIGH] Google Chrome up to 146.0.7680.178 V8 use after free (ID 486927 / WID-SEC-2026-1030)
A vulnerability categorized as critical has been discovered in Google Chrome. The affected element is an unknown function of the component V8. The manipulation results in use after free.
This vulnerability is identified as CVE-2026-5861. The attack can be executed remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
OSV
CVE-2026-5861: Use after free in V8 in Google Chrome prior to 147
osv·2026-04-08·CVSS 8.8
CVE-2026-5861 [HIGH] CVE-2026-5861: Use after free in V8 in Google Chrome prior to 147
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all]
bugzilla·2026-04-09·CVSS 8.8
CVE-2026-5858 [HIGH] CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all]
CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-2026-952f3c3d9e (chromium-147.0.7727.55-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-952f3c3d9e
---
FEDORA-EPEL-2026-718899309a (chromium-147.0.7727.55-1.el10_3) has been submitted as an update to Fedora EPEL 10.3.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-718899309a
---
FEDORA-EPEL-2026-82b8678fe1 (chromium-147.0.7727.55-1.e
Bugzilla
CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all]
bugzilla·2026-04-09·CVSS 8.8
CVE-2026-5858 [HIGH] CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all]
CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-EPEL-2026-718899309a (chromium-147.0.7727.55-1.el10_3) has been submitted as an update to Fedora EPEL 10.3.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-718899309a
---
FEDORA-EPEL-2026-4bb81189d7 (chromium-147.0.7727.55-1.el9) has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4bb81189d7
---
FEDORA-2026-f0ab053633 (chromium-147.0.7
Bugzilla
CVE-2026-5861 chromium-browser: Use after free in V8
bugzilla·2026-04-08·CVSS 8.8
CVE-2026-5861 [HIGH] CVE-2026-5861 chromium-browser: Use after free in V8
CVE-2026-5861 chromium-browser: Use after free in V8
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Sans Isc
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
blogs_sans_isc·2026-04-14·CVSS 8.8
[HIGH] Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
Microsoft Patch Tuesday April 2026.
Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening
The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.
Noteworthy Vulnerabilities:
CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love thes
Wiz
CVE-2026-5861 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5861 [HIGH] CVE-2026-5861 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5861 :
Google Chrome vulnerability analysis and mitigation
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
2026-04-08
Published