{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4449", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-19T20:23:50.609Z", "datePublished": "2026-03-20T01:34:49.580Z", "dateUpdated": "2026-03-20T01:34:49.580Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.153", "status": "affected", "lessThan": "146.0.7680.153", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-20T01:34:49.580Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/487117772"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-4449", "lastModified": "2026-03-20T02:16:37.773", "metrics": {}, "published": "2026-03-20T02:16:37.773", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/487117772"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Use after free in Blink", "id": "2449397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449397"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-1341", "details": ["An use after free flaw was found in the Blink component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=487117772"], "name": "CVE-2026-4449", "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4449\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4449\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html\nhttps://issues.chromium.org/issues/487117772"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[146.0.7680.153,146.0.7680.153)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-03-20T03:26:55.274497+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to a version newer than 146.0.7680.153 once available"], "summary": {"action": "Apply Patch", "impact": "Potential Remote Code Execution via Heap Corruption"}, "threat_synthesis": {"affected_systems": "The product affected is Google Chrome. No specific version range is provided in the source; the issue was observed in releases prior to 146.0.7680.153. Because version details are missing from the input, users should verify whether their current Chrome build is older than 146.0.7680.153 to assess risk.", "description_and_impact": "This vulnerability is a use\u2011after\u2011free bug in the Blink rendering engine of Google Chrome, classified as CWE\u2011416. The flaw can be triggered by a specially crafted HTML page viewed in the browser, potentially leading to heap corruption. If successfully exploited, an attacker could gain arbitrary code execution or cause the browser to crash, compromising confidentiality, integrity, or availability of the affected system.", "risk_and_exploitability": "The CVE has a Chromium severity rating of High. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, accessed via a malicious web page. Without remedial patches or workarounds documented, the likelihood of exploitation depends on the distribution of vulnerable Chrome versions in the target environment."}}}}, "created": "2026-03-20T08:53:27.357460+00:00", "title": "Use\u2011After\u2011Free in Blink Leading to Potential Heap Corruption in Chrome", "updated": "2026-03-20T10:43:20.578983+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}