CVE-2026-5285EXPLOITEDPATCHED

cve

CVE-2026-5285: Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code ins

Description

Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Affected Products

Vendor	Product	Versions
cve	—	146.0.7680.178

References

Related News (2 articles)

Tier C

VulDB8h ago

CVE-2026-5285 | Google Chrome up to 146.0.7680.165 WebGL use after free (ID 492228)

→ No new info (linked only)

Tier B

CERT-FR14h ago

Multiples vulnérabilités dans Google Chrome (01 avril 2026)

→ No new info (linked only)

CVSS 3.16.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

146.0.7680.178

CWECWE-416

PublishedApr 1, 2026

Last enriched8h agov2

Trending Score59

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-5281EXPKEV

CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

Trending: 132

HIGHCVE-2026-5284EXP

CVE-2026-5284: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

Trending: 68

CRITICALCVE-2026-2275EXP

CVE-2026-2275

Trending: 68

CRITICALCVE-2026-3470EXP

CVE-2026-3470: A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to dat

Trending: 64

MEDIUMCVE-2026-27101EXP

CVE-2026-27101: Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Impro

Trending: 61

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Updated: severity, affectedVersions, activelyExploited

Apr 1, 2026

Actively Exploited

Apr 1, 2026

Patch Available

Apr 1, 2026

Version History

Last enriched 8h ago

v2Tier C8h ago

Updated severity to CRITICAL, affected versions to include 146.0.7680.165, and noted that no exploit is available.

severityaffectedVersionsactivelyExploited

via VulDB

v19h ago

Initial creation