{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5865", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:33.369Z", "datePublished": "2026-04-08T21:20:42.400Z", "dateUpdated": "2026-04-08T21:20:42.400Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Type Confusion", "cweId": "CWE-843"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:42.400Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/491884710"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-5865", "lastModified": "2026-04-08T22:16:26.017", "metrics": {}, "published": "2026-04-08T22:16:26.017", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/491884710"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-08T23:36:47.877467+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 147.0.7727.55 or newer", "Ensure automatic updates are enabled so future patches are applied promptly."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All installations of Google Chrome on the stable channel older than version 147.0.7727.55 across Windows, macOS, Linux, and other supported platforms are impacted.", "description_and_impact": "Type confusion in the V8 JavaScript engine of Google Chrome allows a remote attacker to execute arbitrary code inside the browser's sandbox by opening a crafted HTML page. The vulnerability was reported as high severity by Chromium.", "risk_and_exploitability": "No CVSS or EPSS metrics are provided. Chromium rated the issue as high severity. The attack vector is remote, requiring the user to visit a malicious web page. Successful exploitation would enable execution of code within the browser's sandbox. There is currently no public exploitation evidence, and it is not listed in the CISA Known Exploited Vulnerabilities catalog."}}}}, "created": "2026-04-09T08:17:37.581203+00:00", "title": "V8 Type Confusion Enables Remote Code Execution in Chrome Sandbox", "updated": "2026-04-09T08:27:01.077911+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}