{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5862", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:32.627Z", "datePublished": "2026-04-08T21:20:41.201Z", "dateUpdated": "2026-04-08T21:20:41.201Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Inappropriate implementation"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:41.201Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/470566252"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-5862", "lastModified": "2026-04-08T22:16:25.720", "metrics": {}, "published": "2026-04-08T22:16:25.720", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/470566252"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.55,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-08T22:50:46.467178+00:00", "value": {"mitigation_remediation": ["Apply the latest Chrome update, at least version 147.0.7727.55 or newer. If immediate update is not possible, isolate the browser from untrusted content using a trusted network boundary or web filtering to block the crafted pages. Maintain the browser in the highest security configuration and monitor official channels for patches."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Google Chrome browsers running versions prior to 147.0.7727.55 are impacted. Users of any operating system that hosts this browser version are vulnerable.", "description_and_impact": "A flaw in the V8 JavaScript engine of Google Chrome allows a remote attacker to run arbitrary code inside the browser sandbox by serving a specially crafted HTML page. The vulnerability enables the attacker to inject malicious input that the engine processes incorrectly, leading to execution of code that would normally be confined to the sandbox. If exploited, the attacker can compromise confidentiality, integrity, or availability of the affected system and potentially pivot to other resources. Based on the description the weakness appears to be a failure to validate or handle input safely during script execution.", "risk_and_exploitability": "The vulnerability is graded as high severity by Chromium. No EPSS score is published, and it is not listed in the CISA KEV catalog. Exploitation requires only that an attacker deliver a crafted HTML page to the victim, implying the attack vector is remote and can be triggered normally over the web or via email. Because the flaw is in core engine code, successful exploitation leads to full code execution within the sandbox, potentially allowing out-of-sandbox escape through further bugs. The risk is significant for systems with unpatched Chrome installations."}}}}, "created": "2026-04-09T08:17:40.525182+00:00", "updated": "2026-04-09T08:27:04.125727+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}