wid-sec-w-2026-0808 · Published 2026-03-19 · View on BSI CERT-Bund ↗

Google Chrome/Microsoft Edge: Multiple Vulnerabilities

CVSS 8.8 HIGH

Risk Summary

Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVEs (26)

CVE-2026-4439 CVE-2026-4440 CVE-2026-4441 CVE-2026-4442 CVE-2026-4443 CVE-2026-4444 CVE-2026-4445 CVE-2026-4446 CVE-2026-4447 CVE-2026-4448 CVE-2026-4449 CVE-2026-4450 CVE-2026-4451 CVE-2026-4452 CVE-2026-4453 CVE-2026-4454 CVE-2026-4455 CVE-2026-4456 CVE-2026-4457 CVE-2026-4458 CVE-2026-4459 CVE-2026-4460 CVE-2026-4461 CVE-2026-4462 CVE-2026-4463 CVE-2026-4464

Affected Vendors

Debian Fedora Google Microsoft SUSE

Affected Products (6)

Google · Chrome <146.0.7680.153

Google · Chrome 146.0.7680.153

Google · Chrome <146.0.7680.154

Google · Chrome 146.0.7680.154

Microsoft · Edge <146.0.3856.72

Microsoft · Edge 146.0.3856.72

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more