CVE-2026-4446EXPLOITEDPATCHED

microsoft · edge

Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Description

Affected Products

Vendor	Product	Versions
microsoft	edge	< 146.0.7680.153

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html(Vendor Advisory, Release Notes)
https://issues.chromium.org/issues/486421954(Issue Tracking, Permissions Required)

Related News (2 articles)

Tier A

Microsoft MSRC7d ago

Chromium: CVE-2026-4446 Use after free in WebRTC

→ No new info (linked only)

Tier B

CERT-FR7d ago

Multiples vulnérabilités dans Microsoft Edge (23 mars 2026)

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available146.0.7680.153

CWECWE-416

PublishedMar 20, 2026

Last enriched3d agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-32187EXP

Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

Trending: 60

HIGHCVE-2026-21510EXPKEV

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Trending: 57

MEDIUMCVE-2026-20805EXPKEV

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Trending: 54

CRITICALCVE-2026-20963EXPKEV

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Trending: 23

HIGHCVE-2026-4449EXP

Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Trending: 18

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 20, 2026

Actively Exploited

Mar 20, 2026

Exploit Available

Mar 20, 2026

Patch Available

Mar 20, 2026

Discovered by ZDM

Mar 26, 2026

Updated: vendor, product, exploitAvailable, activelyExploited, tags

Mar 26, 2026

Version History

Last enriched 3d ago

v2Tier A3d ago

Updated vendor to Microsoft, added product Edge, marked exploit as available and actively exploited, and added new tag CVE-2026-4446.

vendorproductexploitAvailableactivelyExploitedtags

via Microsoft MSRC

v13d ago

Initial creation