CVE-2026-5288 - Vulnerability Analysis
CriticalCVSS: 9.6Last Updated: April 1, 2026
Google Chrome - Use After Free
Overview
Google Chrome on Android < 146.0.7680.178 contains a use after free vulnerability in WebView, caused by improper memory handling, letting remote attackers with compromised renderer process potentially escape sandbox via crafted HTML page.
Severity & Score
Impact
Remote attackers with compromised renderer process can escape sandbox, leading to potential full system compromise.
Mitigation
Update to version 146.0.7680.178 or later.
References
Social Media Activity(2 posts)
š“ CVE-2026-5288 - Critical (9.6) Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) š https://www.thehackerwire.com/vulnerability/CVE-2026-5288/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-5288 - Critical (9.6) Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) š https://www.thehackerwire.com/vulnerability/CVE-2026-5288/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-5288
- Severity
- Critical
- CVSS Score
- 9.6
- Type
- use_after_free
- Status
- confirmed
- EPSS
- 3.2%
- Social Posts
- 2
CWE
- CWE-416
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H