CVE-2026-5290 - Vulnerability Analysis
CriticalCVSS: 9.6Last Updated: April 1, 2026
Google Chrome - Use After Free
Overview
Google Chrome < 146.0.7680.178 contains a use after free vulnerability in Compositing, letting remote attackers who compromised the renderer process potentially perform sandbox escape via crafted HTML, exploit requires compromised renderer process.
Severity & Score
Impact
Attackers with renderer process access can escape sandbox, potentially gaining higher privileges and full system control.
Mitigation
Update to version 146.0.7680.178 or later.
References
Social Media Activity(2 posts)
š“ CVE-2026-5290 - Critical (9.6) Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) š https://www.thehackerwire.com/vulnerability/CVE-2026-5290/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-5290 - Critical (9.6) Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) š https://www.thehackerwire.com/vulnerability/CVE-2026-5290/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-5290
- Severity
- Critical
- CVSS Score
- 9.6
- Type
- use_after_free
- Status
- confirmed
- EPSS
- 3.5%
- Social Posts
- 2
CWE
- CWE-416
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H