{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5883", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:38.216Z", "datePublished": "2026-04-08T21:20:50.427Z", "dateUpdated": "2026-04-08T21:20:50.427Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:50.427Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/482958590"}]}}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5883", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:38.216Z", "datePublished": "2026-04-08T21:20:50.427Z", "dateUpdated": "2026-04-08T21:20:50.427Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:50.427Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/482958590"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "format": "CVSS", "version": "3.1", "baseScore": 8.8, "scenarios": [{"lang": "en", "value": "GENERAL"}], "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-5883", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-09T17:36:45.671769Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-09T17:36:59.219Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"}], "id": "CVE-2026-5883", "lastModified": "2026-04-08T22:16:27.940", "metrics": {}, "published": "2026-04-08T22:16:27.940", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/482958590"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.55,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-08T22:43:07.370385+00:00", "value": {"mitigation_remediation": ["Update Chrome to version 147.0.7727.55 or later", "Enable automatic updates to receive future patches promptly", "Avoid navigating to unknown or suspicious web pages in older Chrome versions"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution within sandbox"}, "threat_synthesis": {"affected_systems": "All desktop installations of Google Chrome prior to version 147.0.7727.55 are affected. The issue applies across operating systems that run the Chrome browser.", "description_and_impact": "A use\u2011after\u2011free flaw exists in the Media component of Google Chrome. By serving a specially crafted HTML document, an attacker can trigger the vulnerability and execute arbitrary code inside the browser\u2019s sandbox. The weakness corresponds to CWE\u2011416 and permits the attacker to compromise confidentiality, integrity, and availability of the infected machine.", "risk_and_exploitability": "The vulnerability carries a medium severity rating. No EPSS score is available and it has not been listed in the CISA KEV catalog. Exploitation requires that a victim open or load a malicious HTML page in an affected Chrome instance; the attacker does not need elevated privileges or additional footholds. Given its nature, the risk is significant for users who visit untrusted web content."}}}}, "created": "2026-04-09T08:17:19.522384+00:00", "title": "Use\u2011After\u2011Free in Media Enables Remote Code Execution via Crafted HTML", "updated": "2026-04-09T08:26:43.114578+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}