CVE-2026-5914
published 2026-04-08CVE-2026-5914: Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | chromium | < chromium 147.0.7727.55-1 (sid) | chromium 147.0.7727.55-1 (sid) |
| chrome | < 147.0.7727.55 | 147.0.7727.55 | |
| chrome | >= 147.0.7727.55 < 147.0.7727.55 | 147.0.7727.55 | |
| chrome_chrome | — | — | |
| paloalto | prisma_browser | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
Palo Alto
PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026)
vendor_paloalto·2026-05-13·CVSS 8.8
CVE-2026-4439 [HIGH] PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026)
PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026)
Palo Alto Networks incorporated the following Chromium security fixes into our products: https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html CVE Summary CVE-2026-4439 Out of bounds memory access in WebGL CVE-2026-4440 Out of bounds read and write in WebGL CVE-2026-4441 Use after free in Base CVE-2026-4442 Heap buffer overflow in
Chrome
Stable Channel Update for Desktop: CVE-2026-5912
vendor_chrome·2026-04-07·CVSS 8.8
CVE-2026-5912 [LOW] Stable Channel Update for Desktop: CVE-2026-5912
Stable Channel Update for Desktop
CVE-2026-5912: Integer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22 [TBD][ 487195286 ] Low CVE-2026-5913: Out of bounds read in Blink
Reported by Vitaly Simonovich on 2026-02-24 [TBD][ 490023239 ] Low CVE-2026-5914: Type Confusion in CSS
Severity: low
Red Hat
chromium-browser: Type Confusion in CSS
vendor_redhat·2026-04-07·CVSS 8.8
CVE-2026-5914 [HIGH] CWE-843 chromium-browser: Type Confusion in CSS
chromium-browser: Type Confusion in CSS
A type confusion flaw was found in the CSS component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=490023239
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Debian
CVE-2026-5914: chromium - Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacke...
vendor_debian·2026·CVSS 8.8
CVE-2026-5914 [HIGH] CVE-2026-5914: chromium - Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacke...
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
VulDB
Google Chrome up to 146.0.7680.178 CSS type confusion (ID 490023 / Nessus ID 305979)
vuldb·2026-04-11·CVSS 8.8
CVE-2026-5914 [HIGH] Google Chrome up to 146.0.7680.178 CSS type confusion (ID 490023 / Nessus ID 305979)
A vulnerability marked as critical has been reported in Google Chrome. The impacted element is an unknown function of the component CSS. Performing a manipulation results in type confusion.
This vulnerability is identified as CVE-2026-5914. The attack can be initiated remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
GHSA
GHSA-7256-9fwc-879g: Type Confusion in CSS in Google Chrome prior to 147
ghsa_unreviewed·2026-04-09
CVE-2026-5914 [HIGH] CWE-843 GHSA-7256-9fwc-879g: Type Confusion in CSS in Google Chrome prior to 147
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
OSV
CVE-2026-5914: Type Confusion in CSS in Google Chrome prior to 147
osv·2026-04-08·CVSS 8.8
CVE-2026-5914 [HIGH] CVE-2026-5914: Type Confusion in CSS in Google Chrome prior to 147
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
No detection rules found.
No public exploits indexed.
Sans Isc
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
blogs_sans_isc·2026-04-14·CVSS 8.8
[HIGH] Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
Microsoft Patch Tuesday April 2026.
Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening
The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.
Noteworthy Vulnerabilities:
CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love thes
Wiz
CVE-2026-5906 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2026-5906 [MEDIUM] CVE-2026-5906 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5906 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 4.3
Score
Published April 8, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Apr 09, 2026
Echo Severity MEDIUM No Fix Added at: A
Wiz
CVE-2026-5858 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5858 [HIGH] CVE-2026-5858 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5858 :
Google Chrome vulnerability analysis and mitigation
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
## Ge
Wiz
CVE-2026-5886 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5886 [HIGH] CVE-2026-5886 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5886 :
Google Chrome vulnerability analysis and mitigation
Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Wi
Wiz
CVE-2026-5877 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5877 [HIGH] CVE-2026-5877 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5877 :
Google Chrome vulnerability analysis and mitigation
Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 0
Wiz
CVE-2026-5911 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2026-5911 [MEDIUM] CVE-2026-5911 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5911 :
Google Chrome vulnerability analysis and mitigation
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 4.3
Score
Published April 8, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Apr 09, 2026
Echo Severity MEDIUM No Fix Added at: Apr 09, 2026
Linux Severit
Wiz
CVE-2026-5915 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5915 [HIGH] CVE-2026-5915 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5915 :
Google Chrome vulnerability analysis and mitigation
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 8.1
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 0
Wiz
CVE-2026-5864 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5864 [HIGH] CVE-2026-5864 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5864 :
Google Chrome vulnerability analysis and mitigation
Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows H
Wiz
CVE-2026-5866 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5866 [HIGH] CVE-2026-5866 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5866 :
Google Chrome vulnerability analysis and mitigation
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux Severity H
Wiz
CVE-2026-5892 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5892 [HIGH] CVE-2026-5892 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5892 :
Google Chrome vulnerability analysis and mitigation
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at
Wiz
CVE-2026-5881 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5881 [HIGH] CVE-2026-5881 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5881 :
Google Chrome vulnerability analysis and mitigation
Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09,
Wiz
CVE-2026-5888 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5888 [HIGH] CVE-2026-5888 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5888 :
Google Chrome vulnerability analysis and mitigation
Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows H
Wiz
CVE-2026-5896 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5896 [HIGH] CVE-2026-5896 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5896 :
Google Chrome vulnerability analysis and mitigation
Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr
Wiz
CVE-2026-5859 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5859 [HIGH] CVE-2026-5859 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5859 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 202
Wiz
CVE-2026-5903 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5903 [HIGH] CVE-2026-5903 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5903 :
Google Chrome vulnerability analysis and mitigation
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: A
Wiz
CVE-2026-5875 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5875 [HIGH] CVE-2026-5875 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5875 :
Google Chrome vulnerability analysis and mitigation
Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
## Get a CVE risk
Wiz
CVE-2026-5872 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5872 [HIGH] CVE-2026-5872 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5872 :
Google Chrome vulnerability analysis and mitigation
Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Wiz
CVE-2026-5894 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5894 [HIGH] CVE-2026-5894 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5894 :
Google Chrome vulnerability analysis and mitigation
Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 202
Wiz
CVE-2026-5863 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5863 [HIGH] CVE-2026-5863 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5863 :
Google Chrome vulnerability analysis and mitigation
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: A
Wiz
CVE-2026-5878 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5878 [HIGH] CVE-2026-5878 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5878 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
## Get a
Wiz
CVE-2026-5867 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5867 [HIGH] CVE-2026-5867 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5867 :
Google Chrome vulnerability analysis and mitigation
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has
Wiz
CVE-2026-5891 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5891 [HIGH] CVE-2026-5891 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5891 :
Google Chrome vulnerability analysis and mitigation
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09,
Wiz
CVE-2026-5879 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5879 [HIGH] CVE-2026-5879 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5879 :
Google Chrome vulnerability analysis and mitigation
Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
W
Wiz
CVE-2026-5914 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5914 [HIGH] CVE-2026-5914 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5914 :
Google Chrome vulnerability analysis and mitigation
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH
Wiz
CVE-2026-5913 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5913 [HIGH] CVE-2026-5913 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5913 :
Google Chrome vulnerability analysis and mitigation
Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Wiz
CVE-2026-5897 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5897 [HIGH] CVE-2026-5897 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5897 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09,
Wiz
CVE-2026-5919 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5919 [HIGH] CVE-2026-5919 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5919 :
Google Chrome vulnerability analysis and mitigation
Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 6.5
Score
Published April 8, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Apr 09, 2026
Echo
Wiz
CVE-2026-5882 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5882 [HIGH] CVE-2026-5882 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5882 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
##
Wiz
CVE-2026-5883 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5883 [HIGH] CVE-2026-5883 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5883 :
Google Chrome vulnerability analysis and mitigation
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 20
Wiz
CVE-2026-5902 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5902 [HIGH] CVE-2026-5902 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5902 :
Google Chrome vulnerability analysis and mitigation
Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows
Wiz
CVE-2026-5893 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5893 [HIGH] CVE-2026-5893 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5893 :
Google Chrome vulnerability analysis and mitigation
Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
## Get a CVE
Wiz
CVE-2026-5908 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5908 [HIGH] CVE-2026-5908 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5908 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux Severity HIG
Wiz
CVE-2026-5869 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5869 [HIGH] CVE-2026-5869 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5869 :
Google Chrome vulnerability analysis and mitigation
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has
Wiz
CVE-2026-5895 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5895 [HIGH] CVE-2026-5895 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5895 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix A
Wiz
CVE-2026-5887 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5887 [HIGH] CVE-2026-5887 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5887 :
Google Chrome vulnerability analysis and mitigation
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windo
Wiz
CVE-2026-5889 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5889 [HIGH] CVE-2026-5889 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5889 :
Google Chrome vulnerability analysis and mitigation
Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Ad
Wiz
CVE-2026-5871 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5871 [HIGH] CVE-2026-5871 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5871 :
Google Chrome vulnerability analysis and mitigation
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Wiz
CVE-2026-5912 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5912 [HIGH] CVE-2026-5912 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5912 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux Severity HI
Wiz
CVE-2026-5865 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5865 [HIGH] CVE-2026-5865 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5865 :
Google Chrome vulnerability analysis and mitigation
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Wiz
CVE-2026-5910 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5910 [HIGH] CVE-2026-5910 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5910 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux Severity HIG
Wiz
CVE-2026-5861 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5861 [HIGH] CVE-2026-5861 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5861 :
Google Chrome vulnerability analysis and mitigation
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Wiz
CVE-2026-5862 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5862 [HIGH] CVE-2026-5862 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5862 :
Google Chrome vulnerability analysis and mitigation
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: A
Wiz
CVE-2026-5870 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5870 [HIGH] CVE-2026-5870 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5870 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 202
Wiz
CVE-2026-5874 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5874 [HIGH] CVE-2026-5874 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5874 :
Google Chrome vulnerability analysis and mitigation
Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Adde
Wiz
CVE-2026-5904 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5904 [HIGH] CVE-2026-5904 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5904 :
Google Chrome vulnerability analysis and mitigation
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09
Wiz
CVE-2026-5884 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5884 [HIGH] CVE-2026-5884 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5884 :
Google Chrome vulnerability analysis and mitigation
Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux
Wiz
CVE-2026-5899 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5899 [HIGH] CVE-2026-5899 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5899 :
Google Chrome vulnerability analysis and mitigation
Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09
Wiz
CVE-2026-5880 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5880 [HIGH] CVE-2026-5880 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5880 :
Google Chrome vulnerability analysis and mitigation
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Ha
Wiz
CVE-2026-5876 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5876 [HIGH] CVE-2026-5876 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5876 :
Google Chrome vulnerability analysis and mitigation
Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr
Wiz
CVE-2026-5873 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5873 [HIGH] CVE-2026-5873 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5873 :
Google Chrome vulnerability analysis and mitigation
Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: A
Wiz
CVE-2026-5890 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5890 [HIGH] CVE-2026-5890 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5890 :
Google Chrome vulnerability analysis and mitigation
Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added
Wiz
CVE-2026-5868 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5868 [HIGH] CVE-2026-5868 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5868 :
Google Chrome vulnerability analysis and mitigation
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at:
Wiz
CVE-2026-5905 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-5905 [MEDIUM] CVE-2026-5905 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5905 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 6.5
Score
Published April 8, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Apr 09, 2026
Echo Severity MEDIUM No Fix Added at: Apr 09, 2026
Linu
Wiz
CVE-2026-5860 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5860 [HIGH] CVE-2026-5860 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5860 :
Google Chrome vulnerability analysis and mitigation
Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Wiz
CVE-2026-5898 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5898 [HIGH] CVE-2026-5898 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5898 :
Google Chrome vulnerability analysis and mitigation
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
##
Wiz
CVE-2026-5885 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5885 [HIGH] CVE-2026-5885 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5885 :
Google Chrome vulnerability analysis and mitigation
Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix
Wiz
CVE-2026-5918 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5918 [HIGH] CVE-2026-5918 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5918 :
Google Chrome vulnerability analysis and mitigation
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
## 4.3
Score
Published April 8, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Apr 09, 2026
Echo Severity MEDIUM
Wiz
CVE-2026-5901 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5901 [HIGH] CVE-2026-5901 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5901 :
Google Chrome vulnerability analysis and mitigation
Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added a
Wiz
CVE-2026-5909 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5909 [HIGH] CVE-2026-5909 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5909 :
Google Chrome vulnerability analysis and mitigation
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Source : NVD
## 8.8
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux Severity HIG
Wiz
CVE-2026-5907 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2026-5907 [HIGH] CVE-2026-5907 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5907 :
Google Chrome vulnerability analysis and mitigation
Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)
Source : NVD
## 8.1
Score
Published April 8, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr 09, 2026
Echo Severity HIGH No Fix Added at: Apr 09, 2026
Linux
Wiz
CVE-2026-5900 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5900 [HIGH] CVE-2026-5900 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5900 :
Google Chrome vulnerability analysis and mitigation
Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)
Source : NVD
Published April 8, 2026
CNA Score N/A
Affected Technologies
Google Chrome
Chromium
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
chromium
cpe:2.3:a:google:chrome
Sources
NVD
Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026
Echo No Fix Added at: Apr 09, 2026
Linux Has Fix Added at: Apr 09, 2026
Windows Has Fix Added at: Apr 09, 2026
Bugzilla
CVE-2026-5914 chromium-browser: Type Confusion in CSS
bugzilla·2026-04-08·CVSS 8.8
CVE-2026-5914 [HIGH] CVE-2026-5914 chromium-browser: Type Confusion in CSS
CVE-2026-5914 chromium-browser: Type Confusion in CSS
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Bugzilla
CVE-2025-5914 mingw-libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c [fedora-42]
bugzilla·2025-06-09·CVSS 7.8
CVE-2025-5914 [HIGH] CVE-2025-5914 mingw-libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c [fedora-42]
CVE-2025-5914 mingw-libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c [fedora-42]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2370861
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if
Bugzilla
CVE-2025-5914 rpi-imager: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c [fedora-42]
bugzilla·2025-06-09·CVSS 7.8
CVE-2025-5914 [HIGH] CVE-2025-5914 rpi-imager: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c [fedora-42]
CVE-2025-5914 rpi-imager: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c [fedora-42]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2370861
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it re
2026-04-08
Published