top of page
perceptive_background_267k.jpg

Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform…

Published:

31 maart 2026 om 22:00:00

Alert date:

1 april 2026 om 15:04:53

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

A use-after-free vulnerability in Google Chrome's Compositing component affects versions prior to 146.0.7680.178. The vulnerability allows remote attackers who have already compromised the renderer process to potentially escape the sandbox through a specially crafted HTML page. This represents a high-severity security issue that could enable privilege escalation attacks. The vulnerability requires prior renderer compromise but can lead to full sandbox escape. Google has addressed this issue in Chrome version 146.0.7680.178 and later.

Technical details

Mitigation steps:

Affected products:

Google Chrome

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-5290
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
https://issues.chromium.org/issues/496205576

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page