CVE-2026-4680EXPLOITEDPATCHED

google · chrome

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Description

Affected Products

Vendor	Product	Versions
google	chrome	< 146.0.7680.164

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html(Release Notes, Vendor Advisory)
https://issues.chromium.org/issues/491869946(Permissions Required)

Related News (2 articles)

Tier A

Microsoft MSRC2d ago

Chromium: CVE-2026-4680 Use after free in FedCM

→ No new info (linked only)

Tier B

CERT-FR6d ago

Multiples vulnérabilités dans Google Chrome (24 mars 2026)

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available146.0.7680.164

CWECWE-416

PublishedMar 24, 2026

Last enriched3d agov2

Trending Score37

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-4677EXP

Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity

Trending: 37

HIGHCVE-2026-4673EXP

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Trending: 37

HIGHCVE-2026-4679EXP

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Trending: 29

HIGHCVE-2026-4674EXP

Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Trending: 29

HIGHCVE-2026-4675EXP

Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Trending: 29

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 24, 2026

Actively Exploited

Mar 24, 2026

Exploit Available

Mar 24, 2026

Patch Available

Mar 24, 2026

Discovered by ZDM

Mar 26, 2026

Updated: exploitAvailable, activelyExploited

Mar 27, 2026

Version History

Last enriched 3d ago

v2Tier A3d ago

Updated vendor to Microsoft and product to Edge, and marked exploit availability and active exploitation as true.

exploitAvailableactivelyExploited

via Microsoft MSRC

v14d ago

Initial creation