Google Chrome - Untrusted Code Execution via Malicious HTML Page

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Google Chrome - Untrusted Code Execution via Malicious HTML Page

CVE-2026-5872

Summary

Google Chrome users are at risk of having malicious code executed on their computers if they visit a specially crafted web page. This could allow an attacker to access sensitive information or take control of the system. Update Chrome to the latest version to fix this vulnerability.

Original title

Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Original description

Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vulnerability type

CWE-416 Use After Free

Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026