Google Chrome FedCM Use-After-Free Vulnerability (CVE-2026-4680)
A use-after-free vulnerability in Google Chrome's FedCM component (CVE-2026-4680) allows a remote attacker to execute arbitrary code within a sandbox by exploiting a crafted HTML page.
A use-after-free vulnerability, identified as CVE-2026-4680, exists in the FedCM implementation of Google Chrome. This flaw affects versions prior to 146.0.7680.165. Exploitation is possible by a remote attacker who crafts a malicious HTML page. Successful exploitation allows for arbitrary code execution within the Chrome sandbox, potentially leading to further compromise. The Chromium security team has rated this vulnerability as High severity. This issue impacts users across Windows, Linux…
Detection coverage 2
Detect Suspicious Chrome Process Argument
highDetects potentially malicious Chrome processes based on command-line arguments often used in exploitation attempts.
Detect Suspicious Chrome Process Argument Linux
highDetects potentially malicious Chrome processes on Linux based on command-line arguments often used in exploitation attempts.
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
1