—

CVE-2026-5285EXPLOITEDPATCHED

google · chrome

CVE-2026-5285: Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code ins

Description

Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Affected Products

Vendor	Product	Versions
google	chrome	146.0.7680.178, 146.0.7680.165

References

Related News (2 articles)

Tier C

VulDB6h ago

CVE-2026-5285 | Google Chrome up to 146.0.7680.165 WebGL use after free (ID 492228)

→ No new info (linked only)

Tier B

CERT-FR12h ago

Multiples vulnérabilités dans Google Chrome (01 avril 2026)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

146.0.7680.178

CWECWE-416

PublishedApr 1, 2026

Last enriched6h agov2

Trending Score57

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-5281EXPKEV

CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

Trending: 111

HIGHCVE-2026-3910EXPKEV

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi

Trending: 107

HIGHCVE-2026-3909EXPKEV

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Trending: 107

HIGHCVE-2026-2441EXPKEV

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Trending: 96

CRITICALCVE-2026-5277EXP

CVE-2026-5277: Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromi

Trending: 57

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Actively Exploited

Apr 1, 2026

Patch Available

Apr 1, 2026

Updated: severity, affectedVersions, activelyExploited

Apr 1, 2026

Version History

Last enriched 6h ago

v2Tier C6h ago

Updated severity to CRITICAL, affected versions to include 146.0.7680.165, and noted that no exploit is available.

severityaffectedVersionsactivelyExploited

via VulDB

v17h ago

Initial creation