CVE-2026-4458

HIGH apple, google, linux, microsoft NVD

CVSS Score 8.8

Severity HIGH

Published Mar 20, 2026

Vendor apple, google, linux, microsoft

Description

Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html
https://issues.chromium.org/issues/489619753