Description
Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-04-01
Score: 9.6 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A use‑after‑free flaw in the navigation logic of Google Chrome allows an attacker who has already compromised the renderer process to escape the sandbox. The exploitation vector is a crafted HTML page that triggers the vulnerability, potentially enabling an attacker to execute arbitrary code with kernel privileges. The weakness is a classic use‑after‑free, variant of CWE‑416, and carries the full impact of a remote code execution on the affected system.

Affected Systems

Google Chrome browsers prior to version 146.0.7680.178 on Windows, macOS, and Linux platforms are affected. The flaw exists in the renderer process and is present across all supported operating systems.

Risk and Exploitability

The CVSS score of 9.6 indicates high severity, but the EPSS score of less than 1% suggests low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog, implying no known widespread exploitation. An attacker would need to deliver a malicious HTML page to a compromised renderer process, which means the threat is most relevant for users who have already been partially compromised or who inadvertently load untrusted content.

Generated by OpenCVE AI on April 2, 2026 at 04:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 146.0.7680.178 or later.

Generated by OpenCVE AI on April 2, 2026 at 04:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6192-1 chromium security update
History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Chrome Navigation Enables Sandbox Escape

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Google
Google chrome
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Google
Google chrome
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 05:00:00 +0000

Type Values Removed Values Added
Description Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-02T03:55:39.911Z

Reserved: 2026-03-31T20:07:15.571Z

Link: CVE-2026-5289

cve-icon Vulnrichment

Updated: 2026-04-01T13:49:37.683Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T05:16:02.480

Modified: 2026-04-01T16:40:59.350

Link: CVE-2026-5289

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:18:11Z

Weaknesses