{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5859", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-08T19:34:31.788Z", "datePublished": "2026-04-08T21:20:39.849Z", "dateUpdated": "2026-04-08T21:20:39.849Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.55", "status": "affected", "lessThan": "147.0.7727.55", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Integer overflow", "cweId": "CWE-472"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-08T21:20:39.849Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/494158331"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)"}], "id": "CVE-2026-5859", "lastModified": "2026-04-08T22:16:25.383", "metrics": {}, "published": "2026-04-08T22:16:25.383", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/494158331"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-472"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[147.0.7727.55,147.0.7727.55)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-08T22:51:40.321885+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 147.0.7727.55 or later"], "summary": {"action": "Patch immediately", "impact": "Potential remote code execution through heap corruption"}, "threat_synthesis": {"affected_systems": "All users running Google Chrome versions prior to 147.0.7727.55 are affected. The vulnerability is present in the desktop stable channel of Chrome and is triggered via web content loaded in the browser.", "description_and_impact": "A signed integer overflow within the WebML module of Google Chrome allowed an attacker to trigger heap corruption by loading a specially crafted HTML page. This flaw could enable arbitrary code execution in the user's context and compromise the confidentiality, integrity, and availability of the system.", "risk_and_exploitability": "The flaw is classified as critical with a severity rating that correlates to high exploitation potential. No EPSS score is available and the vulnerability has not been listed in CISA's KEV catalog. The likely attack vector is a malicious HTML page delivered over the Internet, exploiting the overflow during page rendering. The impact extends system-wide due to the crash or execution of arbitrary code in the browser process."}}}}, "created": "2026-04-09T08:17:43.574116+00:00", "title": "Integer Overflow in Chrome WebML Leading to Heap Corruption", "updated": "2026-04-09T08:27:07.095542+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}