CVE-2026-6296
Published 2026-04-15
Critical · 9.6 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome | | < 147.0.7727.101 | 147.0.7727.101 |
| chrome | | >= 147.0.7727.101 < 147.0.7727.101 | 147.0.7727.101 |
| chrome_chrome | | — | — |
VulDB
Google Chrome up to 147.0.7727.55 ANGLE heap-based overflow (ID 490170 / Nessus ID 307658)
vuldb·2026-04-28·CVSS 9.6
CVE-2026-6296 [CRITICAL] Google Chrome up to 147.0.7727.55 ANGLE heap-based overflow (ID 490170 / Nessus ID 307658)
A vulnerability was found in Google Chrome and classified as critical. Affected is an unknown function of the component ANGLE. The manipulation results in heap-based buffer overflow.
This vulnerability is cataloged as CVE-2026-6296. The attack may be launched remotely. There is no exploit available.
It is suggested to upgrade the affected component.
GHSA
GHSA-vhp9-v4r9-mxwj: Heap buffer overflow in ANGLE in Google Chrome prior to 147
ghsa_unreviewed·2026-04-15
CVE-2026-6296 [CRITICAL] CWE-122 GHSA-vhp9-v4r9-mxwj: Heap buffer overflow in ANGLE in Google Chrome prior to 147
Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Red Hat
chromium-browser: Heap buffer overflow in ANGLE
vendor_redhat·2026-04-15·CVSS 9.6
CVE-2026-6296 [CRITICAL] CWE-131 chromium-browser: Heap buffer overflow in ANGLE
A heap buffer overflow flaw was found in the ANGLE component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=490170083
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Chrome
Stable Channel Update for Desktop: CVE-2026-6296
vendor_chrome·2026-04-15·CVSS 9.6
CVE-2026-6296 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-6296
Stable Channel Update for Desktop
CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga on 2026-03-05
[$10000][493628982] Critical CVE-2026-6297: Use after free in Proxy Reported by heapracer on 2026-03-17
[TBD][495700484] Critical CVE-2026-6298: Heap buffer overflow in Skia
Severity: critical
No detection rules found.
No public exploits indexed.
Bugzilla
bugzilla·2026-04-15·CVSS 9.6
CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
bugzilla·2026-04-15·CVSS 9.6
CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [fedora-all]
Bugzilla
CVE-2026-6296 chromium-browser: Heap buffer overflow in ANGLE
bugzilla·2026-04-15·CVSS 9.6
CVE-2026-6296 [CRITICAL] CVE-2026-6296 chromium-browser: Heap buffer overflow in ANGLE
Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Hackernews
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
blogs_hackernews·2026-04-20
CVE-2026-20184 ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
## ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust.
There’s also a shift in how attacks run. Slower check-ins, multi-stage payloads, and more code kept in memory. Attackers lean on real tools and normal workflows instead of custom builds. Some cas