{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4441", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-19T20:23:48.029Z", "datePublished": "2026-03-20T01:34:44.671Z", "dateUpdated": "2026-03-20T01:34:44.671Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.153", "status": "affected", "lessThan": "146.0.7680.153", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-20T01:34:44.671Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/489381399"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)"}], "id": "CVE-2026-4441", "lastModified": "2026-03-20T02:16:36.630", "metrics": {}, "published": "2026-03-20T02:16:36.630", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/489381399"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Use after free in Base", "id": "2449415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449415"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["An use after free flaw was found in the Base component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=489381399"], "name": "CVE-2026-4441", "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4441\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4441\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html\nhttps://issues.chromium.org/issues/489381399"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Critical"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[146.0.7680.153,146.0.7680.153)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-03-20T03:52:58.466769+00:00", "value": {"mitigation_remediation": ["Upgrade Google Chrome to version 146.0.7680.153 or later", "Verify the update by checking the browser\u2019s \"About Chrome\" page", "Ensure automatic updates are enabled to receive future security patches promptly"], "summary": {"action": "Patch", "impact": "Remote Exploitation"}, "threat_synthesis": {"affected_systems": "All builds of Google Chrome that use the Base component before version 146.0.7680.153 are affected. The vulnerability applies to every consumer release of Chrome prior to that build number, across all platforms that run the affected component.", "description_and_impact": "A use\u2011after\u2011free bug exists in the Base component of Google Chrome versions prior to 146.0.7680.153. The flaw allows an attacker who can deliver a specially crafted HTML page to a user to trigger a heap corruption, which is a classic memory error represented by CWE\u2011416. The vulnerability is described as potentially exploitable, indicating a risk for remote exploitation through memory corruption.", "risk_and_exploitability": "Chromium labels this issue as critical, reflecting a high severity potential. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, implying limited publicly available exploitation data. The likely attack vector is inferred to be remote, via a maliciously crafted web page that a user opens in the vulnerable Chrome browser. No other prerequisites beyond normal browser usage are explicitly documented in the provided information."}}}}, "created": "2026-03-20T08:53:34.180159+00:00", "title": "Use-After-Free in Google Chrome Base Leading to Heap Corruption via Crafted HTML Page", "updated": "2026-03-20T10:43:27.424881+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}