Home / Vulnerability Intelligence / CVE-2026-4458

CVE-2026-4458 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 20, 2026

Google Chrome - Use After Free

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Google Chrome < 146.0.7680.153 contains a use after free vulnerability in Extensions, caused by heap corruption via crafted Chrome Extension, letting attackers exploit heap corruption after convincing users to install malicious extensions.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 2.7%(Probability of exploitation in next 30 days)

Impact

Attackers can exploit heap corruption to execute arbitrary code or crash the browser, potentially compromising user security.

Mitigation

Update to version 146.0.7680.153 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 22, 2026

🟠 CVE-2026-4458 - High (8.8) Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4458/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-4458
Severity: High
CVSS Score: 8.8
Type: use_after_free
Status: confirmed
EPSS: 2.7%
Social Posts: 1

CWE

CWE-416

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

2.7%Probability of exploitation in the next 30 days