{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5893", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:40.926Z", "datePublished": "2026-04-08T21:20:55.922Z", "dateUpdated": "2026-04-08T21:20:55.922Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Race", "cweId": "CWE-362"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:55.922Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/487768771"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"}], "id": "CVE-2026-5893", "lastModified": "2026-04-08T22:16:29.180", "metrics": {}, "published": "2026-04-08T22:16:29.180", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/487768771"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Race in V8", "id": "2456754", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456754"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-366", "details": ["A race flaw was found in the V8 component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=487768771"], "name": "CVE-2026-5893", "public_date": "2026-04-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-5893\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-5893\nhttps://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html\nhttps://issues.chromium.org/issues/487768771"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.55,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-08T22:58:40.489943+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 147.0.7727.55 or later via the stable channel update."], "summary": {"action": "Patch", "impact": "Memory corruption"}, "threat_synthesis": {"affected_systems": "Users running Google Chrome desktop versions earlier than 147.0.7727.55 are affected. The issue applies to the Chrome stable channel on all platforms that use the V8 engine.", "description_and_impact": "A race condition in the V8 JavaScript engine allows a crafted HTML page to trigger heap corruption. The CVE description indicates that exploitation could lead to memory corruption, though it does not explicitly state that arbitrary code execution is guaranteed. The weakness is classified as a race condition (CWE\u2011362).", "risk_and_exploitability": "The Chromium team assigned a Medium severity to the issue. Exploitation would require an attacker to deliver a specifically crafted HTML page to a victim, making it a remote, browser\u2011based attack. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Until the latest update is installed, systems remain at a moderate risk of compromise."}}}}, "created": "2026-04-09T08:16:59.445077+00:00", "title": "Race Condition in V8 Engine Leading to Heap Corruption", "updated": "2026-04-09T08:26:25.622763+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}