CVE-2026-3539 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: March 5, 2026
Google Chrome - Use After Free
Overview
Google Chrome versions before 145.0.7632.159 contain an object lifecycle issue in DevTools caused by improper handling of extension objects. An attacker can exploit heap corruption through a crafted malicious extension. Exploitation requires the user to install the malicious extension.
Severity & Score
Impact
Attackers can exploit heap corruption via malicious extensions, potentially leading to arbitrary code execution or browser compromise.
Mitigation
Update to version 145.0.7632.159 or later.
References
Social Media Activity (1 post)
CVE-2026-3539 - High (8.8) Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severit... https://www.thehackerwire.com/vulnerability/CVE-2026-3539/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-3539
- Severity: High
- CVSS Score: 8.8
- Type: use_after_free
- Status: unconfirmed
- EPSS: 0.7%
- Social Posts: 1
CWE
- CWE-1091
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H