VYPR
Critical severity9.6NVD Advisory· Published Apr 8, 2026· Updated Apr 13, 2026

CVE-2026-5874

CVE-2026-5874

Description

Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Affected products

6

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.