Description
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Published: 2026-04-08
Score: n/a
EPSS: n/a
KEV: No
Impact: Heap Corruption
Action: Apply Patch
AI Analysis

Impact

A use‑after‑free flaw in the V8 engine can allow a crafted malicious Chrome Extension to corrupt heap memory. If the user installs such an extension, the resulting memory corruption could enable arbitrary code execution or other malicious activities. Chromium rates the issue as low severity and no known remote exploitation has been reported.

Affected Systems

The vulnerability affects Google Chrome on all platforms in versions prior to 147.0.7727.55; the flaw itself is in the bundled V8 engine. Users running any Chrome build prior to this version are potentially exposed.

Risk and Exploitability

The CVSS score is not disclosed in the available data; Chromium lists the vulnerability as low severity. EPSS information is missing and the issue is not included in the CISA KEV catalog. An attacker would need to persuade a user to install a malicious extension, so the attack vector depends on social engineering. No publicly available exploits are known, so the practical risk is moderate.

Generated by OpenCVE AI on April 8, 2026 at 22:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 147.0.7727.55 or later

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type | Values Removed | Values Added
Title | | V8 Use‑After‑Free via Malicious Chrome Extension
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Wed, 08 Apr 2026 21:30:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Weaknesses | | CWE-416
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-08T21:21:00.932Z

Reserved: 2026-04-08T19:34:43.875Z

Link: CVE-2026-5904

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-08T22:16:30.287

Modified: 2026-04-08T22:16:30.287

Link: CVE-2026-5904

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:26:14Z

Weaknesses