CVE-2026-5874: Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to…

CVE-2026-5874 [CRITICAL] Google Chrome up to 146.0.7680.178 PrivateAI use after free (ID 485397 / WID-SEC-2026-1030) A vulnerability was found in Google Chrome. It has been rated as critical. This affects an unknown function of the component PrivateAI. This manipulation causes use after free. The identification of this vulnerability is CVE-2026-5874. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

CVE-2026-5874 CWE-416 GHSA-gxc3-xj8w-g58j: Use after free in PrivateAI in Google Chrome prior to 147 Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-5874 [CRITICAL] CVE-2026-5874: Use after free in PrivateAI in Google Chrome prior to 147 Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-5874 [CRITICAL] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-5874 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2026-5874

CVE-2026-5874 [CRITICAL] CWE-825 Google Chrome: Chromium: Google Chrome: Sandbox escape via use-after-free in PrivateAI Google Chrome: Chromium: Google Chrome: Sandbox escape via use-after-free in PrivateAI A flaw was found in Google Chrome. A remote attacker could exploit a use-after-free vulnerability in the PrivateAI component by convincing a user to engage in specific user interface (UI) gestures through a crafted HTML page. This could potentially allow the attacker to bypass the browser's security sandbox, leading to unauthorized access or control over the system. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.

CVE-2026-5873 [HIGH] Stable Channel Update for Desktop: CVE-2026-5873 Stable Channel Update for Desktop CVE-2026-5873: Out of bounds read and write in V8. Reported by Google on 2026-03-25 [$11000][ 485397279 ] Medium CVE-2026-5874: Use after free in PrivateAI Reported by Krace on 2026-02-18 [$4000][ 430198264 ] Medium CVE-2026-5875: Policy bypass in Blink Severity: high

CVE-2026-5874 [CRITICAL] CVE-2026-5874: chromium - Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a re... Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in 147.0.7727.55-1) trixie: open

CVE-2026-5858 [HIGH] CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all] CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Discussion: FEDORA-2026-952f3c3d9e (chromium-147.0.7727.55-1.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2026-952f3c3d9e --- FEDORA-EPEL-2026-718899309a (chromium-147.0.7727.55-1.el10_3) has been submitted as an update to Fedora EPEL 10.3. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-718899309a --- FEDORA-EPEL-2026-82b8678fe1 (chromium-147.0.7727.55-1.e

CVE-2026-5858 [HIGH] CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all] CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Discussion: FEDORA-EPEL-2026-718899309a (chromium-147.0.7727.55-1.el10_3) has been submitted as an update to Fedora EPEL 10.3. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-718899309a --- FEDORA-EPEL-2026-4bb81189d7 (chromium-147.0.7727.55-1.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4bb81189d7 --- FEDORA-2026-f0ab053633 (chromium-147.0.7

CVE-2026-5874 [CRITICAL] CVE-2026-5874 Google Chrome: Chromium: Google Chrome: Sandbox escape via use-after-free in PrivateAI CVE-2026-5874 Google Chrome: Chromium: Google Chrome: Sandbox escape via use-after-free in PrivateAI Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

[HIGH] Microsoft Patch Tuesday April 2026., (Tue, Apr 14th) Microsoft Patch Tuesday April 2026. Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC by Johannes Ullrich (Version: 1) 0 comment(s) This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild. Noteworthy Vulnerabilities: CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love thes

CVE-2026-5874 [HIGH] CVE-2026-5874 Impact, Exploitability, and Mitigation Steps | Wiz ## CVE-2026-5874 : Google Chrome vulnerability analysis and mitigation Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) Source : NVD Published April 8, 2026 CNA Score N/A Affected Technologies Google Chrome Chromium Has Public Exploit No Has CISA KEV Exploit No CISA KEV Release Date N/A CISA KEV Due Date N/A Exploitation Probability Percentile (EPSS) 10.4 Exploitation Probability (EPSS) N/A Affected packages and libraries chromium cpe:2.3:a:google:chrome Sources NVD Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026 Echo No Fix Added at: Apr 09, 2026 Linux Has Fix Adde