CVE-2026-5280

Опубликовано: 01 апр. 2026

Источник: debian

EPSS Низкий

Описание

Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
chromium	fixed	146.0.7680.177-1		package
chromium	end-of-life		bullseye	package

EPSS

Процентиль: 20%

0.00066

Низкий

Связанные уязвимости

CVE-2026-5280

CVSS3: 9.6

redhat

8 дней назад

Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5280

CVSS3: 8.8

nvd

6 дней назад

Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-5280

msrc

5 дней назад

Chromium: CVE-2026-5280 Use after free in WebCodecs

GHSA-rxr9-x3w7-wrh7

CVSS3: 6.3

github

6 дней назад

Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

EPSS

Процентиль: 20%

0.00066

Низкий