CVE-2026-5904
published 2026-04-08
CVE-2026-5904: Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit…
high 8.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | chromium | < chromium 147.0.7727.55-1 (sid) | chromium 147.0.7727.55-1 (sid) |
| | chrome | < 147.0.7727.55 | 147.0.7727.55 |
| | chrome | >= 147.0.7727.55 < 147.0.7727.55 | 147.0.7727.55 |
| | chrome_chrome | — | — |
| linux | linux_kernel | >= 6.19.0 < 6.19.7 | 6.19.7 |
CVSS provenance
nvd v3.1 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv 8.8 HIGH
GHSA
GHSA-2h64-4pg7-rq8p: Use after free in V8 in Google Chrome prior to 147
ghsa_unreviewed·2026-04-09
CVE-2026-5904 CWE-416 GHSA-2h64-4pg7-rq8p: Use after free in V8 in Google Chrome prior to 147
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
OSV
CVE-2026-5904: Use after free in V8 in Google Chrome prior to 147
osv·2026-04-08·CVSS 8.8
CVE-2026-5904 [HIGH] CVE-2026-5904: Use after free in V8 in Google Chrome prior to 147
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
OSV
ice: fix crash in ethtool offline loopback test
osv·2026-03-25
CVE-2026-23353 ice: fix crash in ethtool offline loopback test
In the Linux kernel, the following vulnerability has been resolved:
ice: fix crash in ethtool offline loopback test
Since the conversion of ice to page pool, the ethtool loopback test
crashes:
BUG: kernel NULL pointer dereference, address: 000000000000000c
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 1100f1067 P4D 0
Oops: Oops: 0002 [#1] SMP NOPTI
CPU: 23 UID: 0 PID: 5904 Comm: ethtool Kdump: loaded Not tainted 6.19.0-0.rc7.260128g1f97d9dcf5364.49.eln154.x86_64 #1 PREEMPT(lazy)
Hardware name: [...]
RIP: 0010:ice_alloc_rx_bufs+0x1cd/0x310 [ice]
Code: 83 6c 24 30 01 66 41 89 47 08 0f 84 c0 00 00 00 41 0f b7 dc 48 8b 44 24 18 48 c1 e3 04 41 bb 00 10 00 00 48 8d 2c 18 8b 04 24 45 0c 41 8b 4d 00 49
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-5904
vendor_chrome·2026-04-22·CVSS 8.8
CVE-2026-5904 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-5904
Stable Channel Update for ChromeOS / ChromeOS Flex
CVE-2026-5904
Chrome
Stable Channel Update for Desktop: CVE-2026-5903
vendor_chrome·2026-04-07·CVSS 6.5
CVE-2026-5903 [LOW] Stable Channel Update for Desktop: CVE-2026-5903
Stable Channel Update for Desktop
CVE-2026-5903: Policy bypass in IFrameSandbox. Reported by @Ciarands on 2026-02-11
[TBD][483851888] Low CVE-2026-5904: Use after free in V8. Reported by Zhenpeng (Leo) Lin at depthfirst on 2026-02-12
[TBD][483899628] Low CVE-2026-5905: Incorrect security UI in Permissions
Severity: low
Red Hat
chromium-browser: Use after free in V8
vendor_redhat·2026-04-07·CVSS 8.8
CVE-2026-5904 [HIGH] CWE-825 chromium-browser: Use after free in V8
A use after free flaw was found in the V8 component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=483851888
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
kernel: ice: fix crash in ethtool offline loopback test
vendor_redhat·2026-03-25·CVSS 5.5
CVE-2026-23353 [MEDIUM] CWE-824 kernel: ice: fix crash in ethtool offline loopback test
In the Linux kernel, the following vulnerability has been resolved:
ice: fix crash in ethtool offline loopback test
Debian
CVE-2026-5904: chromium - Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker...
vendor_debian·2026·CVSS 8.8
CVE-2026-5904 [HIGH] CVE-2026-5904: chromium - Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker...
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-5904 chromium-browser: Use after free in V8
bugzilla·2026-04-08·CVSS 8.8
CVE-2026-5904 [HIGH] CVE-2026-5904 chromium-browser: Use after free in V8
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
SANS ISC
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
blogs_sans_isc·2026-04-14·CVSS 8.8
[HIGH] Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
Microsoft Patch Tuesday April 2026.
Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC
by Johannes Ullrich (Version: 1)
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening.
The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.
Noteworthy Vulnerabilities:
CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love thes
Wiz
CVE-2026-5904 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5904 [HIGH] CVE-2026-5904 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5904: Google Chrome vulnerability analysis and mitigation
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Source: NVD
Published: April 8, 2026
CNA Score: N/A
Affected Technologies: Google Chrome, Chromium
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 0.8
Exploitation Probability (EPSS): N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09
2026-04-08: Published