CVE-2026-5277EXPLOITEDPATCHED

cve

CVE-2026-5277: Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromi

Description

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Affected Products

Vendor	Product	Versions
cve	—	146.0.7680.178

References

Related News (2 articles)

Tier C

VulDB9h ago

CVE-2026-5277 | Google Chrome up to 146.0.7680.165 on Windows ANGLE external control of assumed-immutable web parameter (ID 489791)

→ No new info (linked only)

Tier B

CERT-FR14h ago

Multiples vulnérabilités dans Google Chrome (01 avril 2026)

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

146.0.7680.178

CWECWE-472

PublishedApr 1, 2026

Last enriched8h agov2

Trending Score59

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-5281EXPKEV

CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

Trending: 132

HIGHCVE-2026-5284EXP

CVE-2026-5284: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

Trending: 68

CRITICALCVE-2026-2275EXP

CVE-2026-2275

Trending: 68

CRITICALCVE-2026-3470EXP

CVE-2026-3470: A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to dat

Trending: 64

MEDIUMCVE-2026-27101EXP

CVE-2026-27101: Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Impro

Trending: 61

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Updated: description, severity, affectedVersions, activelyExploited

Apr 1, 2026

Actively Exploited

Apr 1, 2026

Patch Available

Apr 1, 2026

Version History

Last enriched 8h ago

v2Tier C8h ago

Updated severity to CRITICAL, added affected version 146.0.7680.165, and changed exploit availability status.

descriptionseverityaffectedVersionsactivelyExploited

via VulDB

v19h ago

Initial creation