Home / Vulnerability Intelligence / CVE-2026-3539

CVE-2026-3539 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 4, 2026

Google Chrome - Use After Free

Published: March 4, 2026Updated: March 4, 2026Remote Exploitable

Overview

Google Chrome < 145.0.7632.159 contains an object lifecycle issue in DevTools caused by improper handling of extension objects, letting attackers exploit heap corruption via crafted malicious extensions, exploit requires user to install malicious extension.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Attackers can exploit heap corruption via malicious extensions, potentially leading to arbitrary code execution or browser compromise.

Mitigation

Update to version 145.0.7632.159 or later.

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/483853098

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-3539
Severity: High
CVSS Score: 8.8
Type: use_after_free
Status: new

CWE

CWE-1091

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H