CVE-2026-5864 – Google Chrome Release 147 Security Update
“A large release with many unknown scores still hides real risk in plain sight.”
Chrome Release 147 includes a broad set of vulnerabilities, many of which currently do not have published CVSS base scores . These issues span multiple browser components, including V8, WebML, WebRTC, and rendering engines, potentially allowing attackers to trigger memory corruption, crashes, or unauthorized behavior through crafted web content.
Several vulnerabilities with confirmed scores include CVE-2026-5866, CVE-2026-5908, CVE-2026-5909, CVE-2026-5910, CVE-2026-5912, and CVE-2026-5914, each with a CVSS score of 8.8, which is High severity. CVE-2026-5907 and CVE-2026-5915 have CVSS scores of 8.1, which is High severity. Medium severity issues include CVE-2026-5905 (6.5), CVE-2026-5919 (6.5), and CVE-2026-5906, CVE-2026-5911, CVE-2026-5918 (4.3).
There is no verified evidence of active exploitation or publicly available proof-of-concept code for these vulnerabilities. The update focuses on improving memory safety, fixing logic errors, and strengthening input validation across browser subsystems.
- CVE-2026-5858 — Severity not listed.
- CVE-2026-5859 — Severity not listed.
- CVE-2026-5860 — Severity not listed.
- CVE-2026-5861 — Severity not listed.
- CVE-2026-5862 — Severity not listed.
- CVE-2026-5863 — Severity not listed.
- CVE-2026-5864 — Severity not listed.
- CVE-2026-5865 — Severity not listed.
- CVE-2026-5866 — 8.8 (High)
- CVE-2026-5867 — Severity not listed.
- CVE-2026-5868 — Severity not listed.
- CVE-2026-5869 — Severity not listed.
- CVE-2026-5870 — Severity not listed.
- CVE-2026-5871 — Severity not listed.
- CVE-2026-5872 — Severity not listed.
- CVE-2026-5873 — Severity not listed.
- CVE-2026-5874 — Severity not listed.
- CVE-2026-5875 — Severity not listed.
- CVE-2026-5876 — Severity not listed.
- CVE-2026-5877 — Severity not listed.
- CVE-2026-5878 — Severity not listed.
- CVE-2026-5879 — Severity not listed.
- CVE-2026-5880 — Severity not listed.
- CVE-2026-5881 — Severity not listed.
- CVE-2026-5882 — Severity not listed.
- CVE-2026-5883 — Severity not listed.
- CVE-2026-5884 — Severity not listed.
- CVE-2026-5885 — Severity not listed.
- CVE-2026-5886 — Severity not listed.
- CVE-2026-5887 — Severity not listed.
- CVE-2026-5888 — Severity not listed.
- CVE-2026-5889 — Severity not listed.
- CVE-2026-5890 — Severity not listed.
- CVE-2026-5891 — Severity not listed.
- CVE-2026-5892 — Severity not listed.
- CVE-2026-5893 — Severity not listed.
- CVE-2026-5894 — Severity not listed.
- CVE-2026-5895 — Severity not listed.
- CVE-2026-5896 — Severity not listed.
- CVE-2026-5897 — Severity not listed.
- CVE-2026-5898 — Severity not listed.
- CVE-2026-5899 — Severity not listed.
- CVE-2026-5900 — Severity not listed.
- CVE-2026-5901 — Severity not listed.
- CVE-2026-5902 — Severity not listed.
- CVE-2026-5903 — Severity not listed.
- CVE-2026-5904 — Severity not listed.
- CVE-2026-5905 — 6.5 (Medium)
- CVE-2026-5906 — 4.3 (Medium)
- CVE-2026-5907 — 8.1 (High)
- CVE-2026-5908 — 8.8 (High)
- CVE-2026-5909 — 8.8 (High)
- CVE-2026-5910 — 8.8 (High)
- CVE-2026-5911 — 4.3 (Medium)
- CVE-2026-5912 — 8.8 (High)
- CVE-2026-5913 — Severity not listed.
- CVE-2026-5914 — 8.8 (High)
- CVE-2026-5915 — 8.1 (High)
- CVE-2026-5918 — 4.3 (Medium)
- CVE-2026-5919 — 6.5 (Medium)
Key Details
- Affected Product
- Google Chrome
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-122