CVE-2026-5866: Use after free in Media
Published Mar 13, 2026
·Updated
Chromium: CVE-2026-5866 Use after free in Media
Other sources
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
— Microsoft
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
— NVD
Credit
c6eed09fc8b174b0f3eebedcceb1e792
Affected Software
6 affected componentsFixes available
Microsoft Edge (Chromium-based)
Microsoft Edge<147.0.3912.60
All of the following
Google Chrome<147.0.7727.55
Any of the following
Apple macOS
Linux Linux kernel
Microsoft Windows
Event History
Apr 8, 2026
CVE Published
via MITRE·09:20 PM
Data Sourced
via MITRE·09:20 PM
DescriptionWeakness
Data Sourced
via NVD·10:16 PM
DescriptionSeverityWeaknessAffected Software
Apr 11, 2026
Data Sourced
via Microsoft·12:31 AM
DescriptionSeverityWeaknessAffected Software
Updated
via Microsoft·12:31 AM
DescriptionAffected Software
May 11, 2026
Data Sourced
12:00 AM
SeverityWeakness
Peer vulnerabilities
Found alongside the following vulnerabilities.