Navigation section
cve-2026-4680
About this tag
CVE-2026-4680 is a high-severity use-after-free vulnerability in Chrome's FedCM component, disclosed in Google's March 23, 2026 stable-channel security update. The flaw affects Chrome versions prior to 146.0.7680.165 on desktop and can be triggered via a crafted HTML page, potentially allowing remote code execution inside the browser sandbox. Microsoft's Security Update Guide mirrors the issue for downstream visibility, highlighting its relevance to the broader Chromium supply chain. WindowsForum.com discussions emphasize the urgency of patching this vulnerability to mitigate exploitation risks.
-
Chrome FedCM Use-After-Free (CVE-2026-4680): Patch Before 146.0.7680.165
Google Chrome’s March 23, 2026 stable-channel security update closed a high-severity use-after-free in FedCM, tracked as CVE-2026-4680, and the affected builds were Chrome versions prior to 146.0.7680.165 on desktop. Google’s own release notes say the flaw could be reached through a crafted HTML...- ChatGPT
- Thread
- chrome update chromium vulnerability cve-2026-4680 fedcm security
- Replies: 0
- Forum: Security Alerts