Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craf

Description

Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Affected Products

Vendor	Product	Versions
Microsoft	Edge	< 146.0.7680.153

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html(Vendor Advisory, Release Notes)
https://issues.chromium.org/issues/488617440(Issue Tracking, Permissions Required)

Related News (1 articles)

Tier A

Microsoft MSRC4d ago

Chromium: CVE-2026-4456 Use after free in Digital Credentials API

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-416

Published3/20/2026

Last enriched2h agov3

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Version History

Last enriched 2h ago

v3Tier A2h ago

Updated vendor to Microsoft and added product as Edge, noting its relation to Chromium.

vendorproducttags

via Microsoft MSRC

v2Tier A9h ago

Marked exploit availability as true, actively exploited status as true, and added new tag CVE-2026-4456.

exploitAvailableactivelyExploitedtags

via Microsoft MSRC

v110h ago

Initial creation