Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Chrome | affected |
|
No data.
No data.
No data.
Subscriptions
No data.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 20 Mar 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |
| Weaknesses | CWE-416 | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: Chrome
Published:
Updated: 2026-03-20T01:34:54.164Z
Reserved: 2026-03-19T20:23:52.337Z
Link: CVE-2026-4456
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-03-20T02:16:38.780
Modified: 2026-03-20T02:16:38.780
Link: CVE-2026-4456
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses