Description
Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-04-08
Score: 9.6 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Sandbox Escape
Action: Immediate Patch
AI Analysis

Impact

A use‑after‑free flaw in PrivateAI allows a remote attacker to craft an HTML page that, if a user engages in specific UI gestures, may escape Chromium’s sandbox. This leads to non‑trusted content gaining unrestricted access to system resources, effectively enabling remote code execution. The vulnerability is classified as CWE‑416 and involves an uncontrolled resource consumption issue (CWE‑825). The security severity is marked as Medium, but the CVSS score of 9.6 indicates a critical potential impact on confidentiality, integrity, and availability.

Affected Systems

The flaw affects Google Chrome versions prior to 147.0.7727.55. All users running the stable channel before that build are susceptible. Upgrading to the latest stable release mitigates the issue.

Risk and Exploitability

With a CVSS score of 9.6 and an EPSS of less than 1%, the exploit probability is low but significant enough to warrant immediate action. The vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation yet. An attacker requires the victim to open a crafted HTML page and perform certain UI gestures, indicating a social‑engineering component to trigger the sandbox escape.

Generated by OpenCVE AI on April 10, 2026 at 01:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 147.0.7727.55 or newer.

Generated by OpenCVE AI on April 10, 2026 at 01:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6205-1 chromium security update
History

Sat, 11 Apr 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Title Use‑after‑free in Chrome PrivateAI Allows Sandbox Escape Google Chrome: Chromium: Google Chrome: Sandbox escape via use-after-free in PrivateAI
Weaknesses CWE-825
References
Metrics threat_severity

None

 cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

threat_severity

Important

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title Use‑after‑free in Chrome PrivateAI Allows Sandbox Escape
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 08 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Description Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-11T02:59:10.879Z

Reserved: 2026-04-08T19:34:36.131Z

Link: CVE-2026-5874

cve-icon Vulnrichment

Updated: 2026-04-11T02:59:04.201Z

cve-icon NVD

Status : Received

Published: 2026-04-08T22:16:27.003

Modified: 2026-04-11T04:17:10.930

Link: CVE-2026-5874

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-08T21:20:46Z

Links: CVE-2026-5874 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:40:26Z

Weaknesses