{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4461", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-19T20:23:55.151Z", "datePublished": "2026-03-20T01:34:57.198Z", "dateUpdated": "2026-03-20T01:34:57.198Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.153", "status": "affected", "lessThan": "146.0.7680.153", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Inappropriate implementation"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-20T01:34:57.198Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"url": "https://issues.chromium.org/issues/490558172"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-4461", "lastModified": "2026-03-20T02:16:39.440", "metrics": {}, "published": "2026-03-20T02:16:39.440", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/490558172"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received"}

{"bugzilla": {"description": "chromium-browser: Inappropriate implementation in V8", "id": "2449399", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449399"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["An inappropriate implementation flaw was found in the V8 component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=490558172"], "name": "CVE-2026-4461", "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4461\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4461\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html\nhttps://issues.chromium.org/issues/490558172"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[146.0.7680.153,146.0.7680.153)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-03-20T03:22:46.833977+00:00", "value": {"mitigation_remediation": ["Upgrade Google Chrome to version 146.0.7680.153 or later.", "Verify that the installed Chrome version is at least 146.0.7680.153.", "Monitor for additional security advisories from Google Chrome."], "summary": {"action": "Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The issue exists in Google Chrome versions older than 146.0.7680.153. All such installations are vulnerable if they can render malicious HTML content.", "description_and_impact": "This vulnerability is caused by an improper implementation in the V8 JavaScript engine of Google Chrome. A crafted HTML page can trigger a heap corruption bug that may allow a remote attacker to execute arbitrary code on the victim's system. The weakness is a heap\u2011based buffer overflow (CWE\u2011122).", "risk_and_exploitability": "The Chrome team has identified the flaw with a high severity rating. No CVSS score is provided in the data, and EPSS is unavailable, but the vulnerability is considered high risk due to the possibility of remote code execution via a web page. The vulnerability is not listed in CISA's KEV catalog."}}}}, "created": "2026-03-20T08:53:16.902218+00:00", "title": "Heap Corruption via Crafted HTML Page in Chrome V8", "updated": "2026-03-20T10:43:10.353534+00:00", "vendors": ["google", "google$PRODUCT$chrome"], "weaknesses": ["CWE-122"]}