Vulnerability-Lookup

WID-SEC-W-2026-1130

Vulnerability from csaf_certbund - Published: 2026-04-15 22:00 - Updated: 2026-04-27 22:00

Summary

Google Chrome/Microsoft Edge: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Chrome ist ein Internet-Browser von Google. Edge ist ein Internet-Browser von Microsoft.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Google Chrome/Microsoft Edge ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, darunter möglicherweise Codeausführung, Umgehung von Sicherheitsmaßnahmen, Denial-of-Service Datenmanipulation oder -offenlegung.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2026-6296

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6297

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6298

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6299

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6300

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6301

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6302

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6303

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6304

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6305

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6306

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6307

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6308

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6309

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6310

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6311

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6312

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6313

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6314

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6315

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6316

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6317

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6318

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6319

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6358

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6359

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6360

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6361

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6362

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6363

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-6364

Affected products

Known affected 8 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Google Chrome <147.0.7727.101 Google / Chrome		<147.0.7727.101
Microsoft Edge <146.0.3856.130 Microsoft / Edge		<146.0.3856.130
Google Chrome <147.0.7727.102 Google / Chrome		<147.0.7727.102
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <147.0.3912.72 Microsoft / Edge		<147.0.3912.72
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

15 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
http://chromereleases.googleblog.com/2026/04/stab…	external
https://learn.microsoft.com/en-us/deployedge/micr…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://lists.debian.org/debian-security-announce…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://kb.igel.com/en/security-safety/current/is…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Internet-Browser von Microsoft.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Google Chrome/Microsoft Edge ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, darunter m\u00f6glicherweise Codeausf\u00fchrung, Umgehung von Sicherheitsma\u00dfnahmen, Denial-of-Service Datenmanipulation oder -offenlegung.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1130 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1130.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1130 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1130"
      },
      {
        "category": "external",
        "summary": "Google Stable Channel Update for Desktop vom 2026-04-15",
        "url": "http://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
      },
      {
        "category": "external",
        "summary": "Release notes for Microsoft Edge Security Updates vom 2026-04-16",
        "url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#april-16-2026"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-3675AC2066 vom 2026-04-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-3675ac2066"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-F2AC7803F9 vom 2026-04-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-f2ac7803f9"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-CA6321E5F1 vom 2026-04-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-ca6321e5f1"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-6D455368FD vom 2026-04-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-6d455368fd"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-9CE82C1A41 vom 2026-04-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-9ce82c1a41"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-C7FA5F9BE3 vom 2026-04-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-c7fa5f9be3"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-D3C82235D4 vom 2026-04-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-d3c82235d4"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6214 vom 2026-04-17",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00124.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10572-1 vom 2026-04-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P6JPHYU3MZQ7B6CXW6S4BJG27U2BQENL/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20588-1 vom 2026-04-21",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YDJKMQKUR5TEKJHWNMVSE7MWJQQ3RD7C/"
      },
      {
        "category": "external",
        "summary": "IGEL Security Notice ISN-2026-14 vom 2026-04-28",
        "url": "https://kb.igel.com/en/security-safety/current/isn-2026-14-critical-chromium-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Google Chrome/Microsoft Edge: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-04-27T22:00:00.000+00:00",
      "generator": {
        "date": "2026-04-28T11:24:14.281+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-1130",
      "initial_release_date": "2026-04-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-16T22:00:00.000+00:00",
          "number": "2",
          "summary": "Edge Update aufgenommen"
        },
        {
          "date": "2026-04-19T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-04-21T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-04-27T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IGEL aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c147.0.7727.101",
                "product": {
                  "name": "Google Chrome \u003c147.0.7727.101",
                  "product_id": "T052878"
                }
              },
              {
                "category": "product_version",
                "name": "147.0.7727.101",
                "product": {
                  "name": "Google Chrome 147.0.7727.101",
                  "product_id": "T052878-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:147.0.7727.101"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c147.0.7727.102",
                "product": {
                  "name": "Google Chrome \u003c147.0.7727.102",
                  "product_id": "T052879"
                }
              },
              {
                "category": "product_version",
                "name": "147.0.7727.102",
                "product": {
                  "name": "Google Chrome 147.0.7727.102",
                  "product_id": "T052879-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:147.0.7727.102"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Chrome"
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IGEL OS",
            "product": {
              "name": "IGEL OS",
              "product_id": "T017865",
              "product_identification_helper": {
                "cpe": "cpe:/o:igel:os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IGEL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c147.0.3912.72",
                "product": {
                  "name": "Microsoft Edge \u003c147.0.3912.72",
                  "product_id": "T052932"
                }
              },
              {
                "category": "product_version",
                "name": "147.0.3912.72",
                "product": {
                  "name": "Microsoft Edge 147.0.3912.72",
                  "product_id": "T052932-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:edge:147.0.3912.72"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c146.0.3856.130",
                "product": {
                  "name": "Microsoft Edge \u003c146.0.3856.130",
                  "product_id": "T052933"
                }
              },
              {
                "category": "product_version",
                "name": "146.0.3856.130",
                "product": {
                  "name": "Microsoft Edge 146.0.3856.130",
                  "product_id": "T052933-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:edge:146.0.3856.130"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Edge"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-6296",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6296"
    },
    {
      "cve": "CVE-2026-6297",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6297"
    },
    {
      "cve": "CVE-2026-6298",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6298"
    },
    {
      "cve": "CVE-2026-6299",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6299"
    },
    {
      "cve": "CVE-2026-6300",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6300"
    },
    {
      "cve": "CVE-2026-6301",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6301"
    },
    {
      "cve": "CVE-2026-6302",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6302"
    },
    {
      "cve": "CVE-2026-6303",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6303"
    },
    {
      "cve": "CVE-2026-6304",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6304"
    },
    {
      "cve": "CVE-2026-6305",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6305"
    },
    {
      "cve": "CVE-2026-6306",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6306"
    },
    {
      "cve": "CVE-2026-6307",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6307"
    },
    {
      "cve": "CVE-2026-6308",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6308"
    },
    {
      "cve": "CVE-2026-6309",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6309"
    },
    {
      "cve": "CVE-2026-6310",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6310"
    },
    {
      "cve": "CVE-2026-6311",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6311"
    },
    {
      "cve": "CVE-2026-6312",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6312"
    },
    {
      "cve": "CVE-2026-6313",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6313"
    },
    {
      "cve": "CVE-2026-6314",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6314"
    },
    {
      "cve": "CVE-2026-6315",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6315"
    },
    {
      "cve": "CVE-2026-6316",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6316"
    },
    {
      "cve": "CVE-2026-6317",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6317"
    },
    {
      "cve": "CVE-2026-6318",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6318"
    },
    {
      "cve": "CVE-2026-6319",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6319"
    },
    {
      "cve": "CVE-2026-6358",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6358"
    },
    {
      "cve": "CVE-2026-6359",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6359"
    },
    {
      "cve": "CVE-2026-6360",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6360"
    },
    {
      "cve": "CVE-2026-6361",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6361"
    },
    {
      "cve": "CVE-2026-6362",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6362"
    },
    {
      "cve": "CVE-2026-6363",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6363"
    },
    {
      "cve": "CVE-2026-6364",
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T052878",
          "T052933",
          "T052879",
          "T027843",
          "T052932",
          "74185"
        ]
      },
      "release_date": "2026-04-15T22:00:00.000+00:00",
      "title": "CVE-2026-6364"
    }
  ]
}

CVE-2026-6296 (GCVE-0-2026-6296)

Vulnerability from cvelistv5 – Published: 2026-04-15 19:04 – Updated: 2026-05-26 17:44

Summary

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Severity

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap buffer overflow
CWE-122 - Heap-based Buffer Overflow

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/04/sta…
https://issues.chromium.org/issues/490170083

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 147.0.7727.101 , < 147.0.7727.101 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T17:44:17.956399Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-122",
                "description": "CWE-122 Heap-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T17:44:45.603Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "147.0.7727.101",
              "status": "affected",
              "version": "147.0.7727.101",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap buffer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T19:04:45.229Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
        },
        {
          "url": "https://issues.chromium.org/issues/490170083"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-6296",
    "datePublished": "2026-04-15T19:04:45.229Z",
    "dateReserved": "2026-04-14T18:12:19.343Z",
    "dateUpdated": "2026-05-26T17:44:45.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6297 (GCVE-0-2026-6297)

Vulnerability from cvelistv5 – Published: 2026-04-15 19:04 – Updated: 2026-05-27 16:52

Summary

Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Severity

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free
CWE-416 - Use After Free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/04/sta…
https://issues.chromium.org/issues/493628982

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 147.0.7727.101 , < 147.0.7727.101 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6297",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T03:55:52.830969Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T16:52:17.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "147.0.7727.101",
              "status": "affected",
              "version": "147.0.7727.101",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T19:04:46.102Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
        },
        {
          "url": "https://issues.chromium.org/issues/493628982"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-6297",
    "datePublished": "2026-04-15T19:04:46.102Z",
    "dateReserved": "2026-04-14T18:12:19.764Z",
    "dateUpdated": "2026-05-27T16:52:17.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6298 (GCVE-0-2026-6298)

Vulnerability from cvelistv5 – Published: 2026-04-15 19:04 – Updated: 2026-05-27 16:53

Summary

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap buffer overflow
CWE-122 - Heap-based Buffer Overflow

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/04/sta…
https://issues.chromium.org/issues/495700484

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 147.0.7727.101 , < 147.0.7727.101 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6298",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T20:25:33.067097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-122",
                "description": "CWE-122 Heap-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T16:53:54.203Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "147.0.7727.101",
              "status": "affected",
              "version": "147.0.7727.101",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap buffer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T19:04:46.537Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
        },
        {
          "url": "https://issues.chromium.org/issues/495700484"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-6298",
    "datePublished": "2026-04-15T19:04:46.537Z",
    "dateReserved": "2026-04-14T18:12:20.155Z",
    "dateUpdated": "2026-05-27T16:53:54.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6299 (GCVE-0-2026-6299)

Vulnerability from cvelistv5 – Published: 2026-04-15 19:04 – Updated: 2026-05-26 18:44

Summary

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free
CWE-416 - Use After Free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/04/sta…
https://issues.chromium.org/issues/497053588

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 147.0.7727.101 , < 147.0.7727.101 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6299",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T03:55:53.973782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T18:44:19.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "147.0.7727.101",
              "status": "affected",
              "version": "147.0.7727.101",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T19:04:47.116Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
        },
        {
          "url": "https://issues.chromium.org/issues/497053588"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-6299",
    "datePublished": "2026-04-15T19:04:47.116Z",
    "dateReserved": "2026-04-14T18:12:20.506Z",
    "dateUpdated": "2026-05-26T18:44:19.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6300 (GCVE-0-2026-6300)

Vulnerability from cvelistv5 – Published: 2026-04-15 19:04 – Updated: 2026-05-26 17:47

Summary

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free
CWE-416 - Use After Free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/04/sta…
https://issues.chromium.org/issues/491994185

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 147.0.7727.101 , < 147.0.7727.101 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6300",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T03:55:57.630187Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T17:47:42.608Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "147.0.7727.101",
              "status": "affected",
              "version": "147.0.7727.101",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T19:04:48.606Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
        },
        {
          "url": "https://issues.chromium.org/issues/491994185"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-6300",
    "datePublished": "2026-04-15T19:04:48.606Z",
    "dateReserved": "2026-04-14T18:12:20.884Z",
    "dateUpdated": "2026-05-26T17:47:42.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6301 (GCVE-0-2026-6301)

Vulnerability from cvelistv5 – Published: 2026-04-15 19:04 – Updated: 2026-05-26 18:27

Summary

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-843 - Type Confusion
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/04/sta…
https://issues.chromium.org/issues/495273999

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 147.0.7727.101 , < 147.0.7727.101 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6301",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T03:55:58.725941Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T18:27:59.627Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "147.0.7727.101",
              "status": "affected",
              "version": "147.0.7727.101",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-843",
              "description": "Type Confusion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T19:04:49.077Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
        },
        {
          "url": "https://issues.chromium.org/issues/495273999"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-6301",
    "datePublished": "2026-04-15T19:04:49.077Z",
    "dateReserved": "2026-04-14T18:12:21.241Z",
    "dateUpdated": "2026-05-26T18:27:59.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6302 (GCVE-0-2026-6302)

Vulnerability from cvelistv5 – Published: 2026-04-15 19:04 – Updated: 2026-05-26 17:54

Summary

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free
CWE-416 - Use After Free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/04/sta…
https://issues.chromium.org/issues/495477995

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 147.0.7727.101 , < 147.0.7727.101 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6302",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T17:54:00.618860Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T17:54:57.339Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "147.0.7727.101",
              "status": "affected",
              "version": "147.0.7727.101",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T19:04:49.608Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
        },
        {
          "url": "https://issues.chromium.org/issues/495477995"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-6302",
    "datePublished": "2026-04-15T19:04:49.608Z",
    "dateReserved": "2026-04-14T18:12:21.625Z",
    "dateUpdated": "2026-05-26T17:54:57.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6303 (GCVE-0-2026-6303)

Vulnerability from cvelistv5 – Published: 2026-04-15 19:04 – Updated: 2026-05-27 17:02

Summary

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free
CWE-416 - Use After Free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/04/sta…
https://issues.chromium.org/issues/496282147

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 147.0.7727.101 , < 147.0.7727.101 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6303",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T03:56:03.474798Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T17:02:35.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "147.0.7727.101",
              "status": "affected",
              "version": "147.0.7727.101",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T19:04:50.052Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
        },
        {
          "url": "https://issues.chromium.org/issues/496282147"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-6303",
    "datePublished": "2026-04-15T19:04:50.052Z",
    "dateReserved": "2026-04-14T18:12:21.994Z",
    "dateUpdated": "2026-05-27T17:02:35.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6304 (GCVE-0-2026-6304)

Vulnerability from cvelistv5 – Published: 2026-04-15 19:04 – Updated: 2026-05-26 18:45

Summary

Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Severity

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free
CWE-416 - Use After Free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/04/sta…
https://issues.chromium.org/issues/496393742

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 147.0.7727.101 , < 147.0.7727.101 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6304",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T03:56:05.010108Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T18:45:39.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "147.0.7727.101",
              "status": "affected",
              "version": "147.0.7727.101",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T19:04:50.503Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
        },
        {
          "url": "https://issues.chromium.org/issues/496393742"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-6304",
    "datePublished": "2026-04-15T19:04:50.503Z",
    "dateReserved": "2026-04-14T18:12:22.316Z",
    "dateUpdated": "2026-05-26T18:45:39.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6305 (GCVE-0-2026-6305)

Vulnerability from cvelistv5 – Published: 2026-04-15 19:04 – Updated: 2026-05-27 17:08

Summary

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap buffer overflow
CWE-122 - Heap-based Buffer Overflow

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/04/sta…
https://issues.chromium.org/issues/496618639

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 147.0.7727.101 , < 147.0.7727.101 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6305",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T03:56:18.629716Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-122",
                "description": "CWE-122 Heap-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T17:08:47.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "147.0.7727.101",
              "status": "affected",
              "version": "147.0.7727.101",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap buffer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T19:04:50.926Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
        },
        {
          "url": "https://issues.chromium.org/issues/496618639"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-6305",
    "datePublished": "2026-04-15T19:04:50.926Z",
    "dateReserved": "2026-04-14T18:12:22.696Z",
    "dateUpdated": "2026-05-27T17:08:47.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1130

CVE-2026-6296 (GCVE-0-2026-6296)

CVE-2026-6297 (GCVE-0-2026-6297)

CVE-2026-6298 (GCVE-0-2026-6298)

CVE-2026-6299 (GCVE-0-2026-6299)

CVE-2026-6300 (GCVE-0-2026-6300)

CVE-2026-6301 (GCVE-0-2026-6301)

CVE-2026-6302 (GCVE-0-2026-6302)

CVE-2026-6303 (GCVE-0-2026-6303)

CVE-2026-6304 (GCVE-0-2026-6304)

CVE-2026-6305 (GCVE-0-2026-6305)

Tags

Sightings

Nomenclature