CVE-2026-4680

Опубликовано: 23 мар. 2026

Источник: redhat

CVSS3: 8.8

EPSS Низкий

Описание

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

An use after free flaw was found in the FedCM component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=491869946

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-825

https://bugzilla.redhat.com/show_bug.cgi?id=2450568chromium-browser: Use after free in FedCM

EPSS

Процентиль: 34%

0.00139

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2026-4680

CVSS3: 8.8

nvd

16 дней назад

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-4680

msrc

13 дней назад

Chromium: CVE-2026-4680 Use after free in FedCM

CVE-2026-4680

CVSS3: 8.8

debian

16 дней назад

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allow ...

GHSA-ff93-q3vw-vxx2

CVSS3: 8.8

github

16 дней назад

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

BDU:2026-04228

CVSS3: 8.8

fstec

28 дней назад

Уязвимость компонента FedCM браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 34%

0.00139

Низкий

8.8 High

CVSS3