CVE-2026-5914
Received Received - Intake
Type Confusion in Chrome CSS Enables Heap Corruption via Extensions

Publication date: 2026-04-08

Last updated on: 2026-04-29

Assigner: Chrome

Description
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2026-04-09
EPSS Evaluated
2026-05-05
NVD
CVE-2026-5914
EUVD
EUVD-2026-20748
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
google chrome to 147.0.7727.55 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-843 The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a type confusion issue in the CSS component of Google Chrome versions prior to 147.0.7727.55. It allows an attacker who convinces a user to install a malicious Chrome extension to potentially exploit heap corruption by using a specially crafted extension.


How can this vulnerability impact me? :

If exploited, this vulnerability could lead to heap corruption in the Chrome browser, which might be used by an attacker to execute arbitrary code or cause a crash. However, exploitation requires the user to install a malicious extension, and the overall severity is considered low.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart