You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-4456
About this tag
CVE-2026-4456 is a high-severity use-after-free vulnerability in the Digital Credentials API of Google Chrome, affecting versions prior to 146.0.7680.153. Discovered and patched by Google on March 18, 2026, the flaw could allow a remote attacker who had already compromised the renderer process to achieve a sandbox escape via a crafted HTML page. Microsoft's Security Update Guide also tracks this issue for downstream visibility. This tag covers discussions about the vulnerability, its impact, and the necessary update to Chrome 146.0.7680.153 to mitigate the risk.
The release of CVE-2026-4456 is another reminder that browser security increasingly hinges on tiny memory-lifetime mistakes with outsized consequences. Google says the flaw is a use-after-free in the Digital Credentials API, affecting Chrome versions before 146.0.7680.153, and that a remote...