{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5874", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:36.131Z", "datePublished": "2026-04-08T21:20:46.077Z", "dateUpdated": "2026-04-08T21:20:46.077Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:46.077Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/485397279"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)"}], "id": "CVE-2026-5874", "lastModified": "2026-04-08T22:16:27.003", "metrics": {}, "published": "2026-04-08T22:16:27.003", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/485397279"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.55,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-08T23:13:35.132322+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 147.0.7727.55 or later.", "Verify the browser displays the updated version in the About page.", "If an update cannot be applied immediately, avoid visiting untrusted sites until the patch is installed."], "summary": {"action": "Apply Patch", "impact": "Sandbox Escape"}, "threat_synthesis": {"affected_systems": "All Chrome stable releases prior to version 147.0.7727.55 are affected.", "description_and_impact": "A use\u2011after\u2011free flaw in Chrome\u2019s PrivateAI module allows a crafted web page, when a user performs specific UI gestures, to execute arbitrary code outside the browser sandbox. This medium\u2011severity issue could enable an attacker to access system resources or compromise user data.", "risk_and_exploitability": "Chromium rates this vulnerability as medium. Exploit probability data is not available. The issue is not listed in the CISA Known Exploited Vulnerabilities catalog. An attacker would need to deliver a malicious HTML page and rely on a user to trigger particular gestures, reducing the likelihood of automated exploitation but still posing a threat to users who do not update."}}}}, "created": "2026-04-09T08:17:28.475865+00:00", "title": "Use\u2011after\u2011free in Chrome PrivateAI Allows Sandbox Escape", "updated": "2026-04-09T08:26:51.873413+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}