CVE-2026-7358
published 2026-04-28CVE-2026-7358: Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome | < 147.0.7727.138 | 147.0.7727.138 | |
| chrome | >= 147.0.7727.138 < 147.0.7727.138 | 147.0.7727.138 | |
| chrome_desktop | — | — |
Red Hat
chromium-browser: Use after free in Animation
vendor_redhat·2026-04-28·CVSS 9.6
CVE-2026-7358 [HIGH] CWE-825 chromium-browser: Use after free in Animation
chromium-browser: Use after free in Animation
An use after free flaw was found in the Animation component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=496285281
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Chrome
Stable Channel Update for Desktop: CVE-2026-7359
vendor_chrome·2026-04-28
CVE-2026-7359 [HIGH] Stable Channel Update for Desktop: CVE-2026-7359
Stable Channel Update for Desktop
CVE-2026-7359: Use after free in ANGLE. Reported by Google on 2026-03-25 [TBD][ 496285281 ] High CVE-2026-7358: Use after free in Animation
Reported by Google on 2026-03-25 [TBD][ 496456528 ] High CVE-2026-7334: Use after free in Views
Severity: high
VulDB
Google Chrome up to 147.0.7727.117 Animation use after free (ID 496285 / Nessus ID 310944)
vuldb·2026-04-30
CVE-2026-7358 [CRITICAL] Google Chrome up to 147.0.7727.117 Animation use after free (ID 496285 / Nessus ID 310944)
A vulnerability classified as critical has been found in Google Chrome. Impacted is an unknown function of the component Animation. This manipulation causes use after free.
The identification of this vulnerability is CVE-2026-7358. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
GHSA
GHSA-h8j7-wc37-pr97: Use after free in Animation in Google Chrome prior to 147
ghsa_unreviewed·2026-04-29
CVE-2026-7358 [HIGH] CWE-416 GHSA-h8j7-wc37-pr97: Use after free in Animation in Google Chrome prior to 147
Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
2026-04-28
Published