high advisory March 24, 2026

Google Chrome Use-After-Free Vulnerability (CVE-2026-4676)

A use-after-free vulnerability (CVE-2026-4676) in Google Chrome before 146.0.7680.165 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-4676 is a use-after-free vulnerability affecting Google Chrome versions prior to 146.0.7680.165. This flaw resides within the Dawn component of Chrome and can be triggered by a remote attacker who crafts a malicious HTML page. Successful exploitation could lead to a sandbox escape, granting the attacker elevated privileges within the system. This vulnerability was patched in the March 23, 2026 stable channel update for desktop. The vulnerability affects users on Windows, Linux, and…

Detection coverage 2

Detect Chrome Sandbox Escape Attempt

high

Detects potential attempts to escape the Chrome sandbox by monitoring for unusual child processes spawned by Chrome renderers.

sigma tactics: privilege_escalation techniques: T1068 sources: process_creation, windows

Detect Suspicious File Creation by Chrome Renderer

medium

Detects file creation events by chrome renderers to unusual locations, potentially indicative of sandbox escape attempts

sigma tactics: persistence techniques: T1105 sources: file_event, windows

Detection queries are kept inside the platform. Get full rules →