CVE-2026-6298
Published 2026-04-15
CVE-2026-6298: Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory…
Medium · 4.3 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | < 147.0.7727.101 | 147.0.7727.101 |
| | chrome | >= 147.0.7727.101 < 147.0.7727.101 | 147.0.7727.101 |
| | chrome_chrome | — | — |
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-6298
vendor_chrome·2026-04-22·CVSS 4.3
CVE-2026-6298 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-6298
Red Hat
chromium-browser: Heap buffer overflow in Skia
vendor_redhat·2026-04-15·CVSS 4.3
CVE-2026-6298 [MEDIUM] CWE-787 chromium-browser: Heap buffer overflow in Skia
A heap buffer overflow flaw was found in the Skia component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=495700484
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Chrome
Stable Channel Update for Desktop: CVE-2026-6296
vendor_chrome·2026-04-15·CVSS 9.6
CVE-2026-6296 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-6296
CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga on 2026-03-05
[$10000][493628982] Critical CVE-2026-6297: Use after free in Proxy. Reported by heapracer on 2026-03-17
[TBD][495700484] Critical CVE-2026-6298: Heap buffer overflow in Skia
Severity: critical
VulDB
Google Chrome up to 147.0.7727.55 Skia heap-based overflow (ID 495700 / Nessus ID 307658)
vuldb·2026-04-28·CVSS 4.3
CVE-2026-6298 [MEDIUM] Google Chrome up to 147.0.7727.55 Skia heap-based overflow (ID 495700 / Nessus ID 307658)
A vulnerability was found in Google Chrome. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the component Skia. This manipulation causes heap-based buffer overflow.
This vulnerability is registered as CVE-2026-6298. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is recommended.
GHSA
GHSA-3p5h-985r-gw4g: Heap buffer overflow in Skia in Google Chrome prior to 147
ghsa_unreviewed·2026-04-15
CVE-2026-6298 [MEDIUM] CWE-122 GHSA-3p5h-985r-gw4g: Heap buffer overflow in Skia in Google Chrome prior to 147
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)
No detection rules found.
No public exploits indexed.
Bugzilla
bugzilla·2026-04-15·CVSS 9.6
CVE-2026-6296 [CRITICAL] CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-
CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
bugzilla·2026-04-15·CVSS 9.6
CVE-2026-6296 [CRITICAL] CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-
CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [fedora-all]
Bugzilla
CVE-2026-6298 chromium-browser: Heap buffer overflow in Skia
bugzilla·2026-04-15·CVSS 4.3
CVE-2026-6298 [MEDIUM] CVE-2026-6298 chromium-browser: Heap buffer overflow in Skia
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)
Hackernews
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
blogs_hackernews·2026-04-20
CVE-2026-20184 ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust.
There’s also a shift in how attacks run. Slower check-ins, multi-stage payloads, and more code kept in memory. Attackers lean on real tools and normal workflows instead of custom builds. Some cas