Description
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-04-08
Score: n/a
EPSS: n/a
KEV: No
Impact: Remote Code Execution within sandbox
Action: Immediate Patch
AI Analysis

Impact

A use‑after‑free flaw exists in the Media component of Google Chrome. By serving a specially crafted HTML document, an attacker can trigger the vulnerability and execute arbitrary code inside the browser’s sandbox. The weakness corresponds to CWE‑416 and permits the attacker to compromise confidentiality, integrity, and availability of the affected machine.

Affected Systems

All desktop installations of Google Chrome prior to version 147.0.7727.55 are affected. The issue applies across operating systems that run the Chrome browser.

Risk and Exploitability

The vulnerability carries a medium severity rating. No EPSS score is available and it has not been listed in the CISA KEV catalog. Exploitation requires that a victim open or load a malicious HTML page in an affected Chrome instance; the attacker does not need elevated privileges or additional footholds. Given its nature, the risk is significant for users who visit untrusted web content.

Generated by OpenCVE AI on April 8, 2026 at 22:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 147.0.7727.55 or later
  • Enable automatic updates to receive future patches promptly
  • Avoid navigating to unknown or suspicious web pages in older Chrome versions



Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type | Values Removed | Values Added
Title | | Use‑After‑Free in Media Enables Remote Code Execution via Crafted HTML
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Wed, 08 Apr 2026 21:30:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses | | CWE-416
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-08T21:20:50.427Z

Reserved: 2026-04-08T19:34:38.216Z

Link: CVE-2026-5883

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-08T22:16:27.940

Modified: 2026-04-08T22:16:27.940

Link: CVE-2026-5883

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:26:43Z

Weaknesses