wid-sec-w-2026-0937 · Published 2026-03-31 · View on BSI CERT-Bund ↗

Google Chrome and Microsoft Edge: Multiple Vulnerabilities

CVSS 9.6 CRITICAL CISA KEV — Known Exploited

Risk Summary

Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

CVEs (21)

CVE-2026-5272 CVE-2026-5273 CVE-2026-5274 CVE-2026-5275 CVE-2026-5276 CVE-2026-5277 CVE-2026-5278 CVE-2026-5279 CVE-2026-5280 CVE-2026-5281 CVE-2026-5282 CVE-2026-5283 CVE-2026-5284 CVE-2026-5285 CVE-2026-5286 CVE-2026-5287 CVE-2026-5288 CVE-2026-5289 CVE-2026-5290 CVE-2026-5291 CVE-2026-5292

Affected Vendors

Debian Fedora Google Microsoft SUSE

Affected Products (6)

Google · Chrome <146.0.7680.177

Google · Chrome 146.0.7680.177

Google · Chrome <146.0.7680.178

Google · Chrome 146.0.7680.178

Microsoft · Edge <146.0.3856.97

Microsoft · Edge 146.0.3856.97

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more