{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3545", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-04T18:18:30.352Z", "datePublished": "2026-03-04T19:24:30.797Z", "dateUpdated": "2026-03-05T14:09:34.126Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "145.0.7632.159", "status": "affected", "lessThan": "145.0.7632.159", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Insufficient data validation"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-04T19:24:30.797Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/487383169"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T14:09:31.226480Z", "id": "CVE-2026-3545", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T14:09:34.126Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "145.0.7632.159", "lessThan": "145.0.7632.159", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"}, {"url": "https://issues.chromium.org/issues/487383169"}], "descriptions": [{"lang": "en", "value": "Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Insufficient data validation"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-04T19:24:30.797Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3545", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-05T14:09:31.226480Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-05T14:09:24.347Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-3545", "state": "PUBLISHED", "dateUpdated": "2026-03-04T19:24:30.797Z", "dateReserved": "2026-03-04T18:18:30.352Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-03-04T19:24:30.797Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AD3739D-3659-4D93-976A-B6444DAC160F", "versionEndExcluding": "145.0.7632.159", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "05AB209F-109C-44C0-8CE2-81F4AA11A079", "versionEndExcluding": "145.0.7632.160", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "id": "CVE-2026-3545", "lastModified": "2026-03-05T21:57:27.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-04T20:16:21.690", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://issues.chromium.org/issues/487383169"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "chromium-browser: Insufficient data validation in Navigation", "id": "2444615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444615"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"], "name": "CVE-2026-3545", "public_date": "2026-03-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3545\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3545\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html\nhttps://issues.chromium.org/issues/487383169"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,145.0.7632.159)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-17T13:02:16.340588+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 145.0.7632.159 or later, ensuring the latest security fixes are installed", "Enable automatic updates to receive future patches without delay", "If upgrading is not immediately possible, restrict user access to untrusted web content, such as disabling hyperlink navigation in certain contexts or employing application whitelisting to prevent execution of malicious HTML"], "summary": {"action": "Immediate Patch", "impact": "Sandbox escape leading to potential remote code execution"}, "threat_synthesis": {"affected_systems": "All operating systems that run Google Chrome, including Windows, macOS, Linux, and any other platforms supported by Chrome, are affected when using versions older than 145.0.7632.159. The issue applies to the stable channel update referenced in the advisory and all earlier releases of that channel.", "description_and_impact": "Google Chrome versions prior to 145.0.7632.159 lack sufficient data validation in the navigation mechanism, enabling a remote attacker to craft an HTML page that may break the browser sandbox. The flaw is an instance of improper input validation (CWE\u201120) and has a CVSS score of 9.6, indicating a high\u2011severity vulnerability. If exploited, the attacker could escape the browser sandbox and execute arbitrary code with the privileges of the user\u2019s account, compromising confidentiality, integrity, and availability of the system.", "risk_and_exploitability": "The EPSS score is below 1\u202f%, suggesting a low probability of exploitation in the wild, and the vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector is remote, requiring delivery of a crafted HTML page to the user, commonly via phishing, malicious advertising, or compromised legitimate sites. Once the user navigates to the page, the browser executes the navigation code with insufficient validation, potentially leading to sandbox escape and code execution. The overall risk is high due to the severity score, but the low exploitation probability and absence from KEV mitigate immediate threat."}}}}, "created": "2026-03-05T09:05:49.662900+00:00", "updated": "2026-04-17T13:15:19.650186+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}