• /
  • EnglishEspañolFrançais日本語한국어Português
  • Se connecterDémarrer

NR26-04: Google Chrome – Critical Use-After-Free (CVE-2026-5281)

Vulnerability Identifier: NR26-04

Priority: Critical

Summary

We are notifying customers of a critical security vulnerability (CVE-2026-5281) identified in Google Chrome. This issue originates from a third-party component and is not a flaw in the New Relic product itself.

Within the New Relic ecosystem, the potential impact is limited to Synthetic Monitoring. Specifically, exposure may occur only if a synthetic monitor using a vulnerable browser instance navigates to a malicious or compromised webpage.

Action required

To use the latest Chrome version (146.0.7680.177) with Synthetics Node Browser Runtimes:

For Public Monitors: Select Latest from the runtime version dropdown in your monitor settings for Scripted Browser monitors

Image of Chrome latest runtime version selection in monitor settings

For Private Monitors: Use DockerHub Image with rc1.14 tag (link) to get the latest synthetics-node-browser-runtime image which uses chrome 146.0.7680.177 version. You can use the DESIRED_RUNTIMES variable to configure the runtime version while starting the Private Location.

Frequently Asked Questions

  1. How can I tell if my scripted monitors are impacted?

    Customers can get a list of monitors that are not on the latest Chrome version by using this account-specific NRQL query:

    select uniques(monitorId) from SyntheticCheck where type = 'SCRIPT_BROWSER' and browserVersion !='146.0.7680.177-1' and browser!='FIREFOX' since 1 week ago

  2. If I am running on Private Locations do I need to update my Synthetics Job Managers along with Node Browser Runtimes?

    We generally recommend customers use the latest SJM release (release-513 or later).

  3. How do I update the Simple Browser and Step Monitors?

    For Public Location: No separate action is required from customers as we are upgrading to Latest from our end.

    For Private Locations: Use DockerHub Image with rc1.14 tag (link) to get the latest synthetics-node-browser-runtime image which uses chrome 146.0.7680.177 version. You can use the DESIRED_RUNTIMES variable to configure the runtime version while starting the Private Location.

  4. What should I do if my Scripted Browser monitor is failing after upgrading to the latest version of Chrome?

    If you encounter issues validating your scripts on the latest Chrome 146+ runtime, please refer to following documents for reference:

    If additional assistance is needed, open a case with our Support team through the help section in the New Relic platform.

Technical Vulnerability Information

CVE-2026-5281

Publication History

April 04, 2026 - NR26-04 Published

Droits d'auteur © 2026 New Relic Inc.
RecrutementConditions de servicePolitique DMCAAvis de brevetAvis de confidentialitéCookiesLoi britannique sur l'esclavage

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.