You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-5874
About this tag
CVE-2026-5874 is a use-after-free vulnerability in the PrivateAI component of Google Chrome, fixed in version 147.0.7727.55. Microsoft's Security Update Guide records it as CVE-2026-5874 and ties it to a crafted HTML page that can coerce a user into specific UI gestures, with the potential for a sandbox escape if the bug is successfully chained. This combination of memory corruption, UI-dependent triggering, and sandbox escape potential makes it especially relevant for both enterprise defenders and everyday Windows users. The corresponding Microsoft advisory also points to the Chrome release notes and Chromium issue tracker for further details.
Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 is one of those browser bugs that looks narrow on paper but has broad implications in practice. Microsoft’s Security Update Guide records it as CVE-2026-5874 and ties it to a crafted HTML page that can coerce a user into...