Google Chrome Prior to 146.0.7680.178 Allows Remote Code Execution via Malicious PDF

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Google Chrome Prior to 146.0.7680.178 Allows Remote Code Execution via Malicious PDF

CVE-2026-5287

Summary

A security issue in Google Chrome's PDF viewer allows a hacker to access your computer's memory and potentially run malicious code. If you use Google Chrome, update to the latest version to protect yourself from this risk. This is a high-priority update, so it's essential to apply it as soon as possible.

Original title

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Original description

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Vulnerability type

CWE-416 Use After Free

Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026