Vulnerability-Lookup

WID-SEC-W-2026-0808

Vulnerability from csaf_certbund - Published: 2026-03-19 23:00 - Updated: 2026-03-31 22:00

Summary

Google Chrome/Microsoft Edge: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Chrome ist ein Internet-Browser von Google. Edge ist ein Internet-Browser von Microsoft.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Google Chrome/Microsoft Edge ausnutzen, um nicht näher definierte Angriffe durchzuführen, darunter möglicherweise Codeausführung, Umgehung von Sicherheitsmaßnahmen, Denial-of-Service, Offenlegung von Informationen und Datenmanipulation.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2026-4439

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4440

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4441

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4442

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4443

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4444

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4445

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4446

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4447

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4448

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4449

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4450

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4451

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4452

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4453

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4454

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4455

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4456

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4457

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4458

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4459

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4460

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4461

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4462

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4463

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

CVE-2026-4464

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <146.0.7680.153 Google / Chrome		<146.0.7680.153
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Microsoft Edge <146.0.3856.72 Microsoft / Edge		<146.0.3856.72
Google Chrome <146.0.7680.154 Google / Chrome		<146.0.7680.154

References

21 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://chromereleases.googleblog.com/2026/03/sta…	external
https://lists.opensuse.org/archives/list/security…	external
https://security-tracker.debian.org/tracker/DSA-6171-1	external
https://lists.opensuse.org/archives/list/security…	external
https://learn.microsoft.com/en-us/deployedge/micr…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://lists.opensuse.org/archives/list/security…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Internet-Browser von Microsoft.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Google Chrome/Microsoft Edge ausnutzen, um nicht n\u00e4her definierte Angriffe durchzuf\u00fchren, darunter m\u00f6glicherweise Codeausf\u00fchrung, Umgehung von Sicherheitsma\u00dfnahmen, Denial-of-Service, Offenlegung von Informationen und Datenmanipulation.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0808 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0808.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0808 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0808"
      },
      {
        "category": "external",
        "summary": "Google Chrome Stable Channel Update for Desktop vom 2026-03-19",
        "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:0094-1 vom 2026-03-23",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BCTTERHAVCFNL74BDMNIICR6XU4DGM4X/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6171 vom 2026-03-21",
        "url": "https://security-tracker.debian.org/tracker/DSA-6171-1"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:0093-1 vom 2026-03-23",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/D3XIUZWBA7TDMH67RP6ORSMKVH5WT5IQ/"
      },
      {
        "category": "external",
        "summary": "Release notes for Microsoft Edge Security Updates vom 2026-03-22",
        "url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#march-20-2026"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-920DF14FB5 vom 2026-03-23",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-920df14fb5"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-BBE33449CA vom 2026-03-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-bbe33449ca"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-BC78883AA2 vom 2026-03-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-bc78883aa2"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-3BED78D162 vom 2026-03-23",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-3bed78d162"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-15C183AAD4 vom 2026-03-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-15c183aad4"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-2858FE90AA vom 2026-03-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-2858fe90aa"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-AE897EB928 vom 2026-03-23",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-ae897eb928"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-CC466CFB57 vom 2026-03-25",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-cc466cfb57"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-D3092556AB vom 2026-03-25",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-d3092556ab"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-034DDDC133 vom 2026-03-25",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-034dddc133"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20422-1 vom 2026-03-28",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GYEYHIR6ZR6YAERHSX3QDEHVB74SHRD4/"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-1D6DA76BBA vom 2026-03-31",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-1d6da76bba"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-A67EBA175F vom 2026-03-31",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-a67eba175f"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-6188CC51BE vom 2026-03-31",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-6188cc51be"
      }
    ],
    "source_lang": "en-US",
    "title": "Google Chrome/Microsoft Edge: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-31T22:00:00.000+00:00",
      "generator": {
        "date": "2026-04-01T09:22:23.310+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0808",
      "initial_release_date": "2026-03-19T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-19T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-22T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Microsoft, openSUSE und Debian aufgenommen"
        },
        {
          "date": "2026-03-23T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2026-03-24T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2026-03-29T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-03-31T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Fedora aufgenommen"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c146.0.7680.153",
                "product": {
                  "name": "Google Chrome \u003c146.0.7680.153",
                  "product_id": "T051979"
                }
              },
              {
                "category": "product_version",
                "name": "146.0.7680.153",
                "product": {
                  "name": "Google Chrome 146.0.7680.153",
                  "product_id": "T051979-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:146.0.7680.153"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c146.0.7680.154",
                "product": {
                  "name": "Google Chrome \u003c146.0.7680.154",
                  "product_id": "T051980"
                }
              },
              {
                "category": "product_version",
                "name": "146.0.7680.154",
                "product": {
                  "name": "Google Chrome 146.0.7680.154",
                  "product_id": "T051980-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:146.0.7680.154"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Chrome"
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c146.0.3856.72",
                "product": {
                  "name": "Microsoft Edge \u003c146.0.3856.72",
                  "product_id": "T052001"
                }
              },
              {
                "category": "product_version",
                "name": "146.0.3856.72",
                "product": {
                  "name": "Microsoft Edge 146.0.3856.72",
                  "product_id": "T052001-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:edge:146.0.3856.72"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Edge"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-4439",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4439"
    },
    {
      "cve": "CVE-2026-4440",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4440"
    },
    {
      "cve": "CVE-2026-4441",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4441"
    },
    {
      "cve": "CVE-2026-4442",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4442"
    },
    {
      "cve": "CVE-2026-4443",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4443"
    },
    {
      "cve": "CVE-2026-4444",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4444"
    },
    {
      "cve": "CVE-2026-4445",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4445"
    },
    {
      "cve": "CVE-2026-4446",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4446"
    },
    {
      "cve": "CVE-2026-4447",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4447"
    },
    {
      "cve": "CVE-2026-4448",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4448"
    },
    {
      "cve": "CVE-2026-4449",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4449"
    },
    {
      "cve": "CVE-2026-4450",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4450"
    },
    {
      "cve": "CVE-2026-4451",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4451"
    },
    {
      "cve": "CVE-2026-4452",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4452"
    },
    {
      "cve": "CVE-2026-4453",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4453"
    },
    {
      "cve": "CVE-2026-4454",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4454"
    },
    {
      "cve": "CVE-2026-4455",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4455"
    },
    {
      "cve": "CVE-2026-4456",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4456"
    },
    {
      "cve": "CVE-2026-4457",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4457"
    },
    {
      "cve": "CVE-2026-4458",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4458"
    },
    {
      "cve": "CVE-2026-4459",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4459"
    },
    {
      "cve": "CVE-2026-4460",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4460"
    },
    {
      "cve": "CVE-2026-4461",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4461"
    },
    {
      "cve": "CVE-2026-4462",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4462"
    },
    {
      "cve": "CVE-2026-4463",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4463"
    },
    {
      "cve": "CVE-2026-4464",
      "product_status": {
        "known_affected": [
          "2951",
          "T051979",
          "T027843",
          "74185",
          "T052001",
          "T051980"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-4464"
    }
  ]
}

CVE-2026-4439 (GCVE-0-2026-4439)

Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01

Summary

Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

Out of bounds memory access
CWE-125 - Out-of-bounds Read
CWE-787 - Out-of-bounds Write

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/03/sta…
https://issues.chromium.org/issues/475877320

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 146.0.7680.153 , < 146.0.7680.153 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4439",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-21T04:01:30.689Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "146.0.7680.153",
              "status": "affected",
              "version": "146.0.7680.153",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out of bounds memory access",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T01:34:43.403Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
        },
        {
          "url": "https://issues.chromium.org/issues/475877320"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-4439",
    "datePublished": "2026-03-20T01:34:43.403Z",
    "dateReserved": "2026-03-19T20:23:47.193Z",
    "dateUpdated": "2026-03-21T04:01:30.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4440 (GCVE-0-2026-4440)

Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01

Summary

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

Out of bounds read and write
CWE-125 - Out-of-bounds Read
CWE-787 - Out-of-bounds Write

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/03/sta…
https://issues.chromium.org/issues/485935305

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 146.0.7680.153 , < 146.0.7680.153 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4440",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-21T04:01:31.838Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "146.0.7680.153",
              "status": "affected",
              "version": "146.0.7680.153",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out of bounds read and write",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T01:34:44.077Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
        },
        {
          "url": "https://issues.chromium.org/issues/485935305"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-4440",
    "datePublished": "2026-03-20T01:34:44.077Z",
    "dateReserved": "2026-03-19T20:23:47.604Z",
    "dateUpdated": "2026-03-21T04:01:31.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4441 (GCVE-0-2026-4441)

Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01

Summary

Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/03/sta…
https://issues.chromium.org/issues/489381399

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 146.0.7680.153 , < 146.0.7680.153 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4441",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-21T04:01:24.650Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "146.0.7680.153",
              "status": "affected",
              "version": "146.0.7680.153",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T01:34:44.671Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
        },
        {
          "url": "https://issues.chromium.org/issues/489381399"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-4441",
    "datePublished": "2026-03-20T01:34:44.671Z",
    "dateReserved": "2026-03-19T20:23:48.029Z",
    "dateUpdated": "2026-03-21T04:01:24.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4442 (GCVE-0-2026-4442)

Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01

Summary

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap buffer overflow

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/03/sta…
https://issues.chromium.org/issues/484751092

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 146.0.7680.153 , < 146.0.7680.153 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4442",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-21T04:01:23.380Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "146.0.7680.153",
              "status": "affected",
              "version": "146.0.7680.153",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap buffer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T01:34:45.297Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
        },
        {
          "url": "https://issues.chromium.org/issues/484751092"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-4442",
    "datePublished": "2026-03-20T01:34:45.297Z",
    "dateReserved": "2026-03-19T20:23:48.592Z",
    "dateUpdated": "2026-03-21T04:01:23.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4443 (GCVE-0-2026-4443)

Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01

Summary

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap buffer overflow

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/03/sta…
https://issues.chromium.org/issues/485292589

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 146.0.7680.153 , < 146.0.7680.153 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4443",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-21T04:01:32.995Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "146.0.7680.153",
              "status": "affected",
              "version": "146.0.7680.153",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap buffer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T01:34:45.861Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
        },
        {
          "url": "https://issues.chromium.org/issues/485292589"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-4443",
    "datePublished": "2026-03-20T01:34:45.861Z",
    "dateReserved": "2026-03-19T20:23:48.877Z",
    "dateUpdated": "2026-03-21T04:01:32.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4444 (GCVE-0-2026-4444)

Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01

Summary

Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack buffer overflow

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/03/sta…
https://issues.chromium.org/issues/486349161

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 146.0.7680.153 , < 146.0.7680.153 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4444",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-21T04:01:34.131Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "146.0.7680.153",
              "status": "affected",
              "version": "146.0.7680.153",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack buffer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T01:34:46.432Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
        },
        {
          "url": "https://issues.chromium.org/issues/486349161"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-4444",
    "datePublished": "2026-03-20T01:34:46.432Z",
    "dateReserved": "2026-03-19T20:23:49.144Z",
    "dateUpdated": "2026-03-21T04:01:34.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4445 (GCVE-0-2026-4445)

Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01

Summary

Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/03/sta…
https://issues.chromium.org/issues/486421953

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 146.0.7680.153 , < 146.0.7680.153 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4445",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-21T04:01:22.170Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "146.0.7680.153",
              "status": "affected",
              "version": "146.0.7680.153",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T01:34:47.124Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
        },
        {
          "url": "https://issues.chromium.org/issues/486421953"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-4445",
    "datePublished": "2026-03-20T01:34:47.124Z",
    "dateReserved": "2026-03-19T20:23:49.653Z",
    "dateUpdated": "2026-03-21T04:01:22.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4446 (GCVE-0-2026-4446)

Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01

Summary

Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/03/sta…
https://issues.chromium.org/issues/486421954

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 146.0.7680.153 , < 146.0.7680.153 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4446",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-21T04:01:21.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "146.0.7680.153",
              "status": "affected",
              "version": "146.0.7680.153",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T01:34:47.750Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
        },
        {
          "url": "https://issues.chromium.org/issues/486421954"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-4446",
    "datePublished": "2026-03-20T01:34:47.750Z",
    "dateReserved": "2026-03-19T20:23:49.946Z",
    "dateUpdated": "2026-03-21T04:01:21.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4447 (GCVE-0-2026-4447)

Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-06-10 19:34

Summary

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

Inappropriate implementation
CWE-693 - Protection Mechanism Failure

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/03/sta…
https://issues.chromium.org/issues/486657483

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 146.0.7680.153 , < 146.0.7680.153 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4447",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-21T04:01:20.606164Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T19:34:37.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "146.0.7680.153",
              "status": "affected",
              "version": "146.0.7680.153",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Inappropriate implementation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T01:34:48.387Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
        },
        {
          "url": "https://issues.chromium.org/issues/486657483"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-4447",
    "datePublished": "2026-03-20T01:34:48.387Z",
    "dateReserved": "2026-03-19T20:23:50.155Z",
    "dateUpdated": "2026-06-10T19:34:37.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4448 (GCVE-0-2026-4448)

Vulnerability from cvelistv5 – Published: 2026-03-20 01:34 – Updated: 2026-03-21 04:01

Summary

Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap buffer overflow

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/03/sta…
https://issues.chromium.org/issues/486972661

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 146.0.7680.153 , < 146.0.7680.153 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4448",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-21T04:01:18.683Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "146.0.7680.153",
              "status": "affected",
              "version": "146.0.7680.153",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap buffer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T01:34:48.933Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"
        },
        {
          "url": "https://issues.chromium.org/issues/486972661"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-4448",
    "datePublished": "2026-03-20T01:34:48.933Z",
    "dateReserved": "2026-03-19T20:23:50.388Z",
    "dateUpdated": "2026-03-21T04:01:18.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0808

CVE-2026-4439 (GCVE-0-2026-4439)

CVE-2026-4440 (GCVE-0-2026-4440)

CVE-2026-4441 (GCVE-0-2026-4441)

CVE-2026-4442 (GCVE-0-2026-4442)

CVE-2026-4443 (GCVE-0-2026-4443)

CVE-2026-4444 (GCVE-0-2026-4444)

CVE-2026-4445 (GCVE-0-2026-4445)

CVE-2026-4446 (GCVE-0-2026-4446)

CVE-2026-4447 (GCVE-0-2026-4447)

CVE-2026-4448 (GCVE-0-2026-4448)

Tags

Sightings

Nomenclature