Google Chrome WebGPU Use-After-Free Vulnerability (CVE-2026-4678)
A use-after-free vulnerability in Google Chrome's WebGPU component (CVE-2026-4678) allows a remote attacker to execute arbitrary code within a sandbox by crafting a malicious HTML page, affecting Chrome versions prior to 146.0.7680.165.
CVE-2026-4678 is a use-after-free vulnerability impacting Google Chrome versions earlier than 146.0.7680.165. The vulnerability resides within the WebGPU component, a modern graphics API. An unauthenticated, remote attacker can exploit this flaw by enticing a user to open a specially crafted HTML page. Successful exploitation allows the attacker to execute arbitrary code inside the Chrome sandbox. The Chromium project rates this as a High severity issue due to the potential for arbitrary code…
Detection coverage 2
Detect Chrome WebGPU Use-After-Free Exploit Attempt
highDetects potential attempts to exploit the Chrome WebGPU use-after-free vulnerability (CVE-2026-4678) by looking for suspicious patterns in HTTP requests.
Detect Suspicious Web Requests Targeting Chrome
mediumDetects suspicious web requests potentially related to Chrome exploits by looking for unusual user agents and request patterns.
Detection queries are kept inside the platform. Get full rules →