—

CVE-2026-5860EXPLOITEDPATCHED

google · google chrome

CVE-2026-5860: Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code ins

Description

A vulnerability was found in Google Chrome. It has been declared as critical. This issue affects some unknown processing of the component WebRTC. Executing a manipulation can lead to use after free. The attack may be launched remotely.

Affected Products

Vendor	Product	Versions
google	google chrome	147.0.7727.55, 146.0.7680.178

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
google	chrome	cert_advisory	90%
microsoft	microsoft edge	cert_advisory	90%

References

Related News (2 articles)

Tier B

BSI Advisories3h ago

[NEU] [hoch] Google Chrome und Microsoft Edge: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB14h ago

CVE-2026-5860 | Google Chrome up to 146.0.7680.178 WebRTC use after free (ID 486495)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

147.0.7727.55

CWECWE-416

PublishedApr 8, 2026

Last enriched13h agov2

Trending Score60

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-5281EXPKEV

CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

Trending: 118

CRITICALCVE-2026-5858EXP

CVE-2026-5858: Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary cod

Trending: 68

CRITICALCVE-2026-5859EXP

CVE-2026-5859: Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap

Trending: 64

CRITICALCVE-2026-5896EXP

CVE-2026-5896: Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage

Trending: 60

CRITICALCVE-2026-5883EXP

CVE-2026-5883: Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code insi

Trending: 60

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 8, 2026

Actively Exploited

Apr 8, 2026

Patch Available

Apr 8, 2026

Discovered by ZDM

Apr 8, 2026

Updated: description, severity, affectedVersions, activelyExploited

Apr 9, 2026

Version History

Last enriched 13h ago

v2Tier C13h ago

Updated severity to CRITICAL, added affected version 146.0.7680.178, and noted that there is no exploit available.

descriptionseverityaffectedVersionsactivelyExploited

via VulDB

v116h ago

Initial creation