Zero Day Monitor (ZDM)
CVE-2026-5859 · EXPLOITED · PATCHED
google · google chrome

CVE-2026-5859: Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap

Description

A vulnerability was found in Google Chrome. It has been rated as critical. Impacted is an unknown function of the component WebML. The manipulation leads to external control of assumed-immutable web parameter.

Affected Products

Vendor: google
Product: google chrome
Versions: 147.0.7727.55, 146.0.7680.178, 147.0.7727.49

References

  • https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html
  • https://issues.chromium.org/issues/494158331

Related News (2 articles)

Tier D · Heise Security · 3h ago
Google Chrome 147: Update fixes 60 security vulnerabilities, two of them critical
→ No new info (linked only)
Tier C · VulDB · 8h ago
CVE-2026-5859 | Google Chrome up to 146.0.7680.178 WebML external control of assumed-immutable web parameter (ID 494158)
→ No new info (linked only)
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 147.0.7727.55
CWE: CWE-472
Published: Apr 8, 2026
Last enriched: 2h ago (v3)
Trending Score: 62
Source articles: 3
Independent: 2
Info Completeness: 8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-5281 · EXP · KEV
CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render
Trending: 122

CRITICAL · CVE-2026-5858 · EXP
CVE-2026-5858: Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary cod
Trending: 62

CRITICAL · CVE-2026-33810 · EXP
Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
Trending: 59

HIGH · CVE-2026-32288 · EXP
Unbounded allocation for old GNU sparse in archive/tar
Trending: 56

HIGH · CVE-2026-0049 · EXP
CVE-2026-0049: In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhausti
Trending: 55

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

Apr 8, 2026 · CVE Published
Apr 8, 2026 · Discovered by ZDM
Apr 8, 2026 · Actively Exploited
Apr 8, 2026 · Patch Available
Apr 9, 2026 · Updated: description, affectedVersions, severity, activelyExploited
Apr 9, 2026 · Updated: affectedVersions

Version History

v3 · Last enriched 2h ago

v3 · Tier D · 2h ago

Added affected version 147.0.7727.49, marked exploit as available, and updated patch version to 147.0.7727.55/56.

affectedVersions
via Heise Security
v2 · Tier C · 7h ago

Updated description with new technical details, changed severity to CRITICAL, and added new affected version 146.0.7680.178.

description, affectedVersions, severity, activelyExploited
via VulDB
v1 · 11h ago

Initial creation