LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-5286

CVE-2026-5286 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: April 1, 2026

Google Chrome - Use After Free

Published: April 1, 2026Updated: April 1, 2026Remote Exploitable

Overview

Google Chrome < 146.0.7680.178 contains a use after free caused by improper memory handling in Dawn, letting remote attackers execute arbitrary code via crafted HTML pages, exploit requires no special privileges.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 3.8%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code, potentially leading to full system compromise.

Mitigation

Update to version 146.0.7680.178 or later.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Apr 1, 2026

🟠 CVE-2026-5286 - High (8.8) Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5286/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
Offensive Sequence
Offensive Sequence
@offseq
Apr 1, 2026

⚠️ CVE-2026-5286: HIGH severity use-after-free in Chrome’s Dawn component <146.0.7680.178. Remote code execution possible via crafted HTML. Patch now to stay protected! https://radar.offseq.com/threat/cve-2026-5286-use-after-free-in-google-chrome-34aabe80 #OffSeq #Chrome #Vuln #InfoSec

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 1, 2026

🟠 CVE-2026-5286 - High (8.8) Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5286/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
Offensive Sequence
Offensive Sequence
@offseq
Apr 1, 2026

⚠️ CVE-2026-5286: HIGH severity use-after-free in Chrome’s Dawn component <146.0.7680.178. Remote code execution possible via crafted HTML. Patch now to stay protected! https://radar.offseq.com/threat/cve-2026-5286-use-after-free-in-google-chrome-34aabe80 #OffSeq #Chrome #Vuln #InfoSec

View original post

Related Resources

Details

CVE ID
CVE-2026-5286
Severity
High
CVSS Score
8.8
Type
use_after_free
Status
unconfirmed
EPSS
3.8%
Social Posts
4

CWE

  • CWE-416

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

3.8%Probability of exploitation in the next 30 days