Description
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Published: 2026-04-08
Score: n/a
EPSS: n/a
KEV: No
Impact: Potential heap corruption via malicious extension
Action: Update Chrome
AI Analysis

Impact

A type confusion bug in the CSS engine of Google Chrome could allow a malicious browser extension, which an attacker must first convince a user to install, to corrupt the heap. Such corruption can destabilize the browser process or provide a foothold for further exploitation, compromising the memory safety of the browser's core components.

Affected Systems

Chrome versions before 147.0.7727.55 on desktop platforms are vulnerable. Users of the stable channel should install the 147.0.7727.55 update or later to eliminate the issue.

Risk and Exploitability

The vulnerability carries a low Chromium severity rating and is not included in the KEV catalog; no EPSS score is available. Exploitation requires a malicious extension and user interaction to install it. Because the bug can corrupt the heap, successful exploitation could potentially enable arbitrary code execution in the context of the compromised process, but the overall risk remains low under current conditions.

Generated by OpenCVE AI on April 8, 2026 at 22:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 147.0.7727.55 or later
  • Restrict Chrome extensions to trusted sources only
  • Review and limit the permissions requested by each extension before installation

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type | Values Removed | Values Added
Title | | Type Confusion in CSS Leading to Heap Corruption via Malicious Chrome Extension
First Time appeared | | Google; Google chrome
Vendors & Products | | Google; Google chrome

Wed, 08 Apr 2026 21:30:00 +0000

Type | Values Removed | Values Added
Description | | Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Weaknesses | | CWE-843
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-08T21:21:06.501Z

Reserved: 2026-04-08T19:34:46.841Z

Link: CVE-2026-5914

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-08T22:16:31.343

Modified: 2026-04-08T22:16:31.343

Link: CVE-2026-5914

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:26:04Z

Weaknesses