VDB
CVE-2026-5287
CVE-2026-5287
PUBLISHED
Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
EPSS 0.05% · 14.5th percentile
Risk Scores
EPSS Score
0.05%
14.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | 146.0.7680.178 |
Timeline
- Apr 1, 2026 EPSS Score
- Apr 1, 2026 CVE Published
- Apr 1, 2026 PoC Published
- Apr 1, 2026 Security Advisory
- Apr 2, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
References
- https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html url
- https://issues.chromium.org/issues/494644471 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-5287 advisory
- https://security.paloaltonetworks.com/CVE-2026-0233 advisory
- https://security.paloaltonetworks.com/CVE-2026-0234 advisory
- https://security.paloaltonetworks.com/CVE-2026-0232 advisory
- https://security.paloaltonetworks.com/PAN-SA-2026-0004 advisory