CVE-2026-4676EXPLOITEDPATCHED

google · chrome

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Description

Affected Products

Vendor	Product	Versions
google	chrome	< 146.0.7680.164

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html(Release Notes, Vendor Advisory)
https://issues.chromium.org/issues/488613135(Permissions Required)

Related News (2 articles)

Tier A

Microsoft MSRC-9857s ago

Chromium: CVE-2026-4676 Use after free in Dawn

→ No new info (linked only)

Tier B

CERT-FR7d ago

Multiples vulnérabilités dans Google Chrome (24 mars 2026)

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available146.0.7680.164

CWECWE-416

PublishedMar 24, 2026

Last enriched3h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-4677EXP

Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity

Trending: 35

HIGHCVE-2026-4680EXP

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Trending: 35

HIGHCVE-2026-4673EXP

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Trending: 35

HIGHCVE-2026-4679EXP

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Trending: 28

HIGHCVE-2026-4674EXP

Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Trending: 28

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 24, 2026

Actively Exploited

Mar 24, 2026

Exploit Available

Mar 24, 2026

Patch Available

Mar 24, 2026

Discovered by ZDM

Mar 26, 2026

Updated: exploitAvailable, activelyExploited, tags

Mar 31, 2026

Version History

Last enriched 3h ago

v2Tier A3h ago

Marked exploit availability as true, noted active exploitation, and added new tag CVE-2026-4676.

exploitAvailableactivelyExploitedtags

via Microsoft MSRC

v14d ago

Initial creation