Description
Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: 2026-04-01
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A use after free bug in Chrome's CSS engine permits a remote attacker to load a specially crafted HTML file that triggers a memory corruption in the sandboxed browsing context. The flaw originates from an uninitialized pointer that is freed and later accessed by the rendering engine. Exploiting this vulnerability allows the attacker to execute arbitrary code inside the browser sandbox, which could then be used to bypass sandbox constraints and gain higher privileges or access sensitive data. The issue is classified as High severity within Chromium's internal risk assessment.

Affected Systems

The flaw affects all major builds of Google Chrome that precede update 146.0.7680.178. The vulnerability is platform independent and is present on Windows, macOS, and Linux installations, as indicated by the included CPE identifiers. Any user running a vulnerable version of Chrome is potentially exposed.

Risk and Exploitability

The CVSS score of 6.3 indicates a moderate level of severity, and the EPSS score of less than 1% suggests that the likelihood of exploitation in the wild is currently low. The vulnerability is not yet listed in the CISA KEV catalog, and no public proof‑of‑concept exploits have been reported. However, because the flaw requires a user to open a crafted web page, it is exploitable in drive‑by scenarios or through phishing links, making the risk significant for users who frequently visit untrusted sites.

Generated by OpenCVE AI on April 2, 2026 at 04:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 146.0.7680.178 or later; verify that the update has been applied.

Generated by OpenCVE AI on April 2, 2026 at 04:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6192-1 chromium security update
History

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Title chromium-browser: Use after free in CSS
First Time appeared Apple
Apple macos
Google
Google chrome
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Weaknesses CWE-825
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Google
Google chrome
Linux
Linux linux Kernel
Microsoft
Microsoft windows
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

threat_severity

Important

Wed, 01 Apr 2026 05:00:00 +0000

Type Values Removed Values Added
Description Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-02T03:55:52.264Z

Reserved: 2026-03-31T20:07:10.730Z

Link: CVE-2026-5273

cve-icon Vulnrichment

Updated: 2026-04-01T13:47:29.709Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-01T05:16:00.427

Modified: 2026-04-01T16:36:13.133

Link: CVE-2026-5273

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-31T00:00:00Z

Links: CVE-2026-5273 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:18:14Z

Weaknesses