Zero Day MonitorZDM

← Back to list

—

CVE-2026-5896EXPLOITEDPATCHED

google · chrome

CVE-2026-5896: Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage

Description

A vulnerability categorized as critical has been discovered in Google Chrome. Affected by this issue is some unknown functionality of the component Audio. Executing a manipulation can lead to improper access controls. The attack may be launched remotely.

Affected Products

Vendor	Product	Versions
google	chrome	147.0.7727.55, 146.0.7680.178

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
google	chrome	cert_advisory	90%
microsoft	microsoft edge	cert_advisory	90%

References

Related News (2 articles)

Tier B

BSI Advisories1d ago

[NEU] [hoch] Google Chrome und Microsoft Edge: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-5896 | Google Chrome up to 146.0.7680.178 Audio access control (ID 400645)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

147.0.7727.55

PublishedApr 8, 2026

Last enriched1d agov2

Trending Score52

Source articles2

Independent2

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-5281EXPKEV

CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

CRITICALCVE-2026-5858EXP

CVE-2026-5858: Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary cod

NONECVE-2026-5859EXP

CVE-2026-5859: Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap

CRITICALCVE-2026-27144EXP

Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile

HIGHCVE-2026-5914EXP

CVE-2026-5914: Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a mali

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 8, 2026

Actively Exploited

Apr 8, 2026

Patch Available

Apr 8, 2026

Discovered by ZDM

Apr 8, 2026

Updated: description, affectedVersions, severity, activelyExploited

Apr 9, 2026

Version History

v2

Last enriched 1d ago

v2Tier C1d ago

Updated severity to CRITICAL, added new affected version 146.0.7680.178, and corrected exploit availability.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v11d ago

Initial creation