Google Chrome: Remote code execution through crafted HTML page

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

Google Chrome: Remote code execution through crafted HTML page

CVE-2026-4678

Summary

A security weakness in Google Chrome's WebGPU feature allows a malicious website to execute unauthorized code on a user's device. This could potentially lead to data theft or other malicious activities. To stay protected, ensure you're running the latest version of Google Chrome, as updating it should resolve this issue.

Original title

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Original description

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vulnerability type

CWE-416 Use After Free

Published: 24 Mar 2026 · Updated: 24 Mar 2026 · First seen: 24 Mar 2026