{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1862", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-02-03T20:25:08.695Z", "datePublished": "2026-02-03T20:56:48.455Z", "dateUpdated": "2026-02-26T15:04:22.687Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "144.0.7559.132", "status": "affected", "lessThan": "144.0.7559.132", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Type Confusion", "cweId": "CWE-843"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-02-03T20:56:48.455Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/479726070"}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-1862", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-04T04:56:10.376559Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:22.687Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-02-09T16:09:03.214Z"}, "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1862"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1862"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-02-09T16:09:03.214Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-1862", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-03T21:18:18.369868Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T21:18:34.785Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "144.0.7559.132", "lessThan": "144.0.7559.132", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/479726070"}], "descriptions": [{"lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-843", "description": "Type Confusion"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-02-03T20:56:48.455Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1862", "state": "PUBLISHED", "dateUpdated": "2026-02-09T16:09:03.214Z", "dateReserved": "2026-02-03T20:25:08.695Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-02-03T20:56:48.455Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "79AA1F6A-5CFF-4F19-AF14-2D79D8327564", "versionEndExcluding": "144.0.7559.132", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-1862", "lastModified": "2026-02-11T18:48:26.643", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-03T21:16:12.943", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"], "url": "https://issues.chromium.org/issues/479726070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1862"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "chrome-cve-admin@google.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T00:02:44.751859+00:00", "value": {"mitigation_remediation": ["Install Chrome version 144.0.7559.132 or newer through the official update channel.", "Ensure automatic updates are enabled so that future patches are applied automatically.", "If an immediate update cannot be made, isolate affected machines from untrusted web content and monitor for suspicious browser activity until the vulnerability is remediated."], "summary": {"action": "Patch Now", "impact": "Remote Code Execution via heap corruption"}, "threat_synthesis": {"affected_systems": "All installations of Google Chrome 144.0.7559.131 and earlier on Windows, macOS and Linux are susceptible. The flaw resides solely in the browser component and is independent of the underlying operating system, so any user running those versions is at risk until an update is applied.", "description_and_impact": "The vulnerability arises from a type\u2011confusion flaw in the V8 JavaScript engine that powers Chrome. In Chrome versions prior to 144.0.7559.132 a malformed object could be misinterpreted, causing heap corruption that may allow an attacker to execute arbitrary code or crash the browser, thereby jeopardizing confidentiality, integrity and availability of the user\u2019s environment.", "risk_and_exploitability": "The CVSS score of 8.8 reflects a high\u2011severity impact, while an EPSS score of less than 1% indicates a very low but non\u2011zero likelihood of current exploitation and the vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation would require delivery of a crafted HTML page to the victim, a common web\u2011based attack vector. The combination of high impact and low exploitation probability suggests client\u2011side mitigation through timely updates is critical."}}}}, "created": "2026-02-04T12:05:39.245263+00:00", "title": "Type Confusion in V8 Leading to Heap Corruption via Crafted HTML Page", "updated": "2026-04-18T00:15:31.770549+00:00", "vendors": ["google", "google$PRODUCT$chrome", "google$PRODUCT$v8"]}