{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5874", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:36.131Z", "datePublished": "2026-04-08T21:20:46.077Z", "dateUpdated": "2026-04-08T21:20:46.077Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:46.077Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/485397279"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)"}], "id": "CVE-2026-5874", "lastModified": "2026-04-08T22:16:27.003", "metrics": {}, "published": "2026-04-08T22:16:27.003", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/485397279"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{"bugzilla": {"description": "Google Chrome: Chromium: Google Chrome: Sandbox escape via use-after-free in PrivateAI", "id": "2456798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456798"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in Google Chrome. A remote attacker could exploit a use-after-free vulnerability in the PrivateAI component by convincing a user to engage in specific user interface (UI) gestures through a crafted HTML page. This could potentially allow the attacker to bypass the browser's security sandbox, leading to unauthorized access or control over the system."], "name": "CVE-2026-5874", "public_date": "2026-04-08T21:20:46Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-5874\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-5874\nhttps://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html\nhttps://issues.chromium.org/issues/485397279"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.55,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-10T01:36:24.885108+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 147.0.7727.55 or newer."], "summary": {"action": "Immediate Patch", "impact": "Sandbox Escape"}, "threat_synthesis": {"affected_systems": "The flaw affects Google Chrome versions prior to 147.0.7727.55. All users running the stable channel before that build are susceptible. Upgrading to the latest stable release mitigates the issue.", "description_and_impact": "A use\u2011after\u2011free flaw in PrivateAI allows a remote attacker to craft an HTML page that, if a user engages in specific UI gestures, may escape Chromium\u2019s sandbox. This leads to non\u2011trusted content gaining unrestricted access to system resources, effectively enabling remote code execution. The vulnerability is classified as CWE\u2011416 and involves an uncontrolled resource consumption issue (CWE\u2011825). The security severity is marked as Medium, but the CVSS score of 9.6 indicates a critical potential impact on confidentiality, integrity, and availability.", "risk_and_exploitability": "With a CVSS score of 9.6 and an EPSS of less than 1%, the exploit probability is low but significant enough to warrant immediate action. The vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation yet. An attacker requires the victim to open a crafted HTML page and perform certain UI gestures, indicating a social\u2011engineering component to trigger the sandbox escape."}}}}, "created": "2026-04-09T08:17:28.475865+00:00", "updated": "2026-04-10T09:40:26.542959+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}