Cyber Posture

CVE-2026-1862

High

Published: 03 February 2026

Published
03 February 2026
Modified
11 February 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0006 19.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1862 is a high-severity Type Confusion (CWE-843) vulnerability in Google Chrome. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked at the 19.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What attackers do: exploitation maps to Drive-by Compromise (T1189) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mandates timely identification, reporting, and patching of software flaws like the V8 type confusion vulnerability in Chrome prior to version 144.0.7559.132.

SI-16 Memory Protection partial match
prevent

Implements memory protection mechanisms such as ASLR and DEP that mitigate heap corruption exploitation resulting from the type confusion vulnerability.

RA-5 Vulnerability Monitoring and Scanning partial match
detect

Enables ongoing vulnerability scanning to identify systems running vulnerable Chrome versions affected by CVE-2026-1862.

MITRE ATT&CK Enterprise TechniquesAI

T1189 Drive-by Compromise Initial Access
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
attack.mitre.org →
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
Why these techniques?

Type confusion in V8 enables RCE via malicious webpage (drive-by) and client-side exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Deeper analysisAI

CVE-2026-1862 is a type confusion vulnerability (CWE-843) in the V8 JavaScript engine within Google Chrome versions prior to 144.0.7559.132. Published on 2026-02-03, it enables potential heap corruption when processing a crafted HTML page. The issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is rated High severity by Chromium security.

A remote attacker without privileges can exploit this vulnerability by tricking a user into visiting a malicious website with the crafted HTML page, requiring user interaction such as clicking a link. Successful exploitation could lead to high confidentiality, integrity, and availability impacts, potentially allowing heap corruption and arbitrary code execution in the context of the browser.

Google addressed the vulnerability in Chrome stable channel update 144.0.7559.132, as detailed in the Chrome Releases blog (https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html), Chromium issue tracker (https://issues.chromium.org/issues/479726070), and Microsoft's Update Guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1862). Users should apply the patch promptly to mitigate risk.

Details

CWE(s)
CWE-843

Affected Products

google
chrome
≤ 144.0.7559.132

CVEs Like This One

CVE-2026-6307Same product: Apple Macos
CVE-2025-13230Same product: Apple Macos
CVE-2026-5865Same product: Apple Macos
CVE-2025-10585Same product: Apple Macos
CVE-2025-13224Same product: Apple Macos
CVE-2025-13226Same product: Apple Macos
CVE-2025-13229Same product: Apple Macos
CVE-2025-13227Same product: Apple Macos
CVE-2026-5871Same product: Apple Macos
CVE-2025-13630Same product: Apple Macos

References