Skip to main content
CVE Vulnerability Database

CVE-2026-5874: Google Chrome Use-After-Free Vulnerability

CVE-2026-5874 is a use-after-free vulnerability in Google Chrome's PrivateAI component that could allow sandbox escape through malicious HTML pages. This article covers technical details, affected versions, and mitigation.

Updated:

CVE-2026-5874 Overview

CVE-2026-5874 is a use-after-free vulnerability [CWE-416] in the PrivateAI component of Google Chrome prior to version 147.0.7727.55. A remote attacker can exploit the flaw by convincing a user to perform specific user interface gestures on a crafted HTML page. Successful exploitation may lead to a sandbox escape, allowing code to break out of Chrome's renderer isolation boundary. The vulnerability affects Chrome installations on Windows, macOS, and Linux. Google rates the Chromium security severity as Medium, while the NVD CVSS assessment places the issue in the higher tier due to scope change and full impact on confidentiality, integrity, and availability.

Critical Impact

Remote attackers can escape the Chrome sandbox through crafted HTML and user gestures, breaching the browser's primary security boundary across all desktop platforms.

Affected Products

  • Google Chrome prior to 147.0.7727.55
  • Apple macOS (Chrome desktop builds)
  • Microsoft Windows and Linux (Chrome desktop builds)

Discovery Timeline

  • 2026-04-08 - CVE-2026-5874 published to NVD
  • 2026-04-13 - Last updated in NVD database

Technical Details for CVE-2026-5874

Vulnerability Analysis

The vulnerability resides in PrivateAI, a Chrome component that handles on-device AI processing within the browser. A use-after-free condition arises when the component releases a heap object while a separate execution path retains a reference. Subsequent access to the freed memory allows an attacker to manipulate the contents of the reclaimed allocation. The flaw requires user interaction in the form of specific UI gestures, indicating a state transition tied to user-driven events.

Because the bug enables a sandbox escape, exploitation breaks out of the renderer process and reaches a more privileged context. The CVSS scope change reflects this cross-boundary impact. Attackers chaining this flaw with a renderer compromise can achieve code execution outside the browser's isolation model.

Root Cause

The root cause is improper object lifetime management in the PrivateAI subsystem. A pointer continues to reference a heap allocation after it has been freed, producing a dangling reference. When that reference is dereferenced later, the underlying memory may already contain attacker-influenced data.

Attack Vector

The attack vector is network-based through a malicious or compromised web page. The attacker hosts a crafted HTML document that triggers the vulnerable PrivateAI code path. The user must perform UI gestures defined by the page, such as clicks or drag interactions, to advance the exploit primitive into the use-after-free condition.

No public proof-of-concept code is available. Refer to the Chromium Issue Tracker entry #485397279 and the Google Chrome stable channel update for technical context.

Detection Methods for CVE-2026-5874

Indicators of Compromise

  • Chrome renderer or utility processes spawning unexpected child processes following navigation to untrusted sites
  • Crashes or chrome.exe exceptions referencing PrivateAI modules in Windows Event Logs or crashpad reports
  • Outbound connections from Chrome helper processes to unfamiliar infrastructure shortly after a user interacts with an unknown HTML page

Detection Strategies

  • Inventory Chrome installations and flag any host running a version below 147.0.7727.55
  • Hunt for anomalous process lineage where Chrome spawns shells, scripting hosts, or LOLBins after browsing activity
  • Correlate browser crash telemetry with subsequent persistence or credential access behaviors

Monitoring Recommendations

  • Forward Chrome crash reports and process telemetry to a central data lake for retroactive hunting
  • Alert on chrome.exe or platform equivalents executing with command lines or child processes inconsistent with normal browsing
  • Track web filtering logs for users visiting newly registered or low-reputation domains immediately before suspicious endpoint activity

How to Mitigate CVE-2026-5874

Immediate Actions Required

  • Update Google Chrome to version 147.0.7727.55 or later on Windows, macOS, and Linux endpoints
  • Force-restart Chrome across managed fleets to ensure the patched binary is loaded into memory
  • Verify enterprise auto-update policies are not blocking the stable channel update

Patch Information

Google released the fix in the Chrome stable channel update documented in the Chrome Releases blog. Administrators using Chrome Browser Cloud Management or group policy should confirm that the TargetVersionPrefix and update suspension settings allow deployment of 147.0.7727.55.

Workarounds

  • Restrict browsing to trusted domains using web proxy or DNS filtering until patching is complete
  • Disable or restrict experimental PrivateAI features through enterprise policy where supported
  • Educate users to avoid interacting with unsolicited prompts or gestures on unfamiliar web pages
bash
# Verify installed Chrome version on Linux/macOS endpoints
google-chrome --version
# Expected output: Google Chrome 147.0.7727.55 or higher

# Windows: query installed Chrome version via PowerShell
(Get-Item "$Env:ProgramFiles\Google\Chrome\Application\chrome.exe").VersionInfo.ProductVersion

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.