Use-after-free in V8 before 147.0.7727.55 via malicious Chrome Extension
CVE-2026-5904 Published on April 8, 2026

Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)

NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2026-5904 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2026-5904

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

Google Chrome

Affected Versions

Google Chrome:

Version 147.0.7727.55 and below 147.0.7727.55 is affected.

Use-after-free in V8 before 147.0.7727.55 via malicious Chrome ExtensionCVE-2026-5904 Published on April 8, 2026

Weakness Type

What is a Dangling pointer Vulnerability?

Products Associated with CVE-2026-5904

Affected Versions

Use-after-free in V8 before 147.0.7727.55 via malicious Chrome Extension
CVE-2026-5904 Published on April 8, 2026