CVE-2026-6303
Published 2026-04-15
Severity: high, 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | < 147.0.7727.101 | 147.0.7727.101 |
| | chrome | >= 147.0.7727.101 < 147.0.7727.101 | 147.0.7727.101 |
| | chrome_chrome | — | — |
Chrome
Stable Channel Update for Desktop: CVE-2026-6303
vendor_chrome·2026-04-15·CVSS 8.3
CVE-2026-6303 [HIGH] Stable Channel Update for Desktop: CVE-2026-6303
CVE-2026-6303: Use after free in Codecs. Reported by Google on 2026-03-25
[N/A][496393742] High CVE-2026-6304: Use after free in Graphite. Reported by Google on 2026-03-26
[TBD][496618639] High CVE-2026-6305: Heap buffer overflow in PDFium
Severity: high
Red Hat
chromium-browser: Use after free in Codecs
vendor_redhat·2026-04-15·CVSS 9.6
CVE-2026-6303 [HIGH] CWE-825 chromium-browser: Use after free in Codecs
A use-after-free flaw was found in the Codecs component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=496282147
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
VulDB
Google Chrome up to 147.0.7727.55 Codecs use after free (ID 496282 / Nessus ID 307658)
vuldb·2026-04-28
CVE-2026-6303 [CRITICAL] Google Chrome up to 147.0.7727.55 Codecs use after free (ID 496282 / Nessus ID 307658)
A vulnerability marked as critical has been reported in Google Chrome. The affected element is an unknown function of the component Codecs. This manipulation causes use after free.
This vulnerability is handled as CVE-2026-6303. The attack can be initiated remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
GHSA
GHSA-wrr6-q4vw-3g77: Use after free in Codecs in Google Chrome prior to 147
ghsa_unreviewed·2026-04-15
CVE-2026-6303 CWE-416 GHSA-wrr6-q4vw-3g77: Use after free in Codecs in Google Chrome prior to 147
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
Bugzilla
bugzilla·2026-04-17·CVSS 8.8
CVE-2026-6299 [HIGH] CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-2026-6363 ... chromium: various flaws [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
bugzilla·2026-04-17·CVSS 8.8
CVE-2026-6299 [HIGH] CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-2026-6363 ... chromium: various flaws [epel-all]
Bugzilla
CVE-2026-6303 Google Chrome: Chromium: Google Chrome / Chromium Codecs: Arbitrary Code Execution via crafted HTML page
bugzilla·2026-04-15
CVE-2026-6303 [CRITICAL] CVE-2026-6303 Google Chrome: Chromium: Google Chrome / Chromium Codecs: Arbitrary Code Execution via crafted HTML page
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)