Google Chrome Prior to 146.0.7680.165 Allows Malicious Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

Google Chrome Prior to 146.0.7680.165 Allows Malicious Code Execution

CVE-2026-4680

Summary

A bug in Google Chrome's FedCM feature can be exploited by a malicious website to run unauthorized code on your computer. This could potentially allow hackers to steal sensitive information or take control of your system. Update to the latest version of Google Chrome to fix this issue.

Original title

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Original description

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

nvd CVSS3.1 8.8

Vulnerability type

CWE-416 Use After Free

Published: 24 Mar 2026 · Updated: 24 Mar 2026 · First seen: 24 Mar 2026