Home / Vulnerability Intelligence / CVE-2026-4456

CVE-2026-4456 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 20, 2026

Google Chrome - Use After Free

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Google Chrome < 146.0.7680.153 contains a use after free vulnerability in Digital Credentials API, letting remote attackers with compromised renderer process potentially perform sandbox escape via crafted HTML page.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 10.1%(Probability of exploitation in next 30 days)

Impact

Remote attackers with compromised renderer process can escape sandbox, leading to higher privilege code execution.

Mitigation

Update to version 146.0.7680.153 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 22, 2026

🟠 CVE-2026-4456 - High (8.8) Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4456/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-4456
Severity: High
CVSS Score: 8.8
Type: use_after_free
Status: confirmed
EPSS: 10.1%
Social Posts: 1

CWE

CWE-416

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

10.1%Probability of exploitation in the next 30 days