cve-2026-5861

CVE-2026-5861 is a high-severity use-after-free vulnerability in the V8 JavaScript engine, affecting Google Chrome versions prior to 147.0.7727.55. Published on April 8, 2026, this bug allows a remote attacker to execute code inside the browser sandbox by tricking a user into visiting a crafted HTML page. For Windows users, the fix is included in Chrome 147, which is part of a dense April 2026 security update cycle. Microsoft's Security Update Guide confirms the issue, emphasizing that even mature browser engines can fall prey to classic memory-unsafe behavior. Users should ensure their Chrome browser is updated to the latest version to mitigate the risk of exploitation.