Google Chrome: Malicious code can run in sandbox in crafted HTML page

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Google Chrome: Malicious code can run in sandbox in crafted HTML page

CVE-2026-5280

Summary

A security issue in older versions of Google Chrome allows a hacker to potentially run malicious code in a secure environment. This could happen if a user visits a specially designed web page. To protect yourself, update to the latest version of Google Chrome.

Original title

Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Original description

Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vulnerability type

CWE-416 Use After Free

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_...
https://issues.chromium.org/issues/491515787

Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026