CVE-2026-6305 — Heap-based Buffer Overflow in Google

Vendor	Product	Version range	Fixed in
google	chrome	< 147.0.7727.101	147.0.7727.101
google	chrome	>= 147.0.7727.101 < 147.0.7727.101	147.0.7727.101
google	chrome_chrome	—	—
paloalto	prisma_browser	—	—

Palo Alto

PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026)

vendor_paloalto·2026-05-13·CVSS 8.8

CVE-2026-4439 [HIGH] PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026) PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026) Palo Alto Networks incorporated the following Chromium security fixes into our products: https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html CVE Summary CVE-2026-4439 Out of bounds memory access in WebGL CVE-2026-4440 Out of bounds read and write in WebGL CVE-2026-4441 Use after free in Base CVE-2026-4442 Heap buffer overflow in

Chrome

Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-6305

vendor_chrome·2026-04-22·CVSS 8.8

CVE-2026-6305 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-6305 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2026-6305

Chrome

Stable Channel Update for Desktop: CVE-2026-6303

vendor_chrome·2026-04-15·CVSS 8.3

CVE-2026-6303 [HIGH] Stable Channel Update for Desktop: CVE-2026-6303 Stable Channel Update for Desktop CVE-2026-6303: Use after free in Codecs. Reported by Google on 2026-03-25 [N/A][ 496393742 ] High CVE-2026-6304: Use after free in Graphite Reported by Google on 2026-03-26 [TBD][ 496618639 ] High CVE-2026-6305: Heap buffer overflow in PDFium Severity: high

Red Hat

chromium-browser: Heap buffer overflow in PDFium

vendor_redhat·2026-04-15·CVSS 8.8

CVE-2026-6305 [HIGH] CWE-787 chromium-browser: Heap buffer overflow in PDFium chromium-browser: Heap buffer overflow in PDFium A heap buffer overflow flaw was found in the PDFium component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=496618639 Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.

VulDB

Google Chrome up to 147.0.7727.55 PDFium heap-based overflow (ID 496618 / Nessus ID 307658)

vuldb·2026-04-28·CVSS 8.8

CVE-2026-6305 [HIGH] Google Chrome up to 147.0.7727.55 PDFium heap-based overflow (ID 496618 / Nessus ID 307658) A vulnerability described as critical has been identified in Google Chrome. The impacted element is an unknown function of the component PDFium. Such manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-6305. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

GHSA

GHSA-j7wg-hx8x-r38h: Heap buffer overflow in PDFium in Google Chrome prior to 147

ghsa_unreviewed·2026-04-15

CVE-2026-6305 [HIGH] CWE-122 GHSA-j7wg-hx8x-r38h: Heap buffer overflow in PDFium in Google Chrome prior to 147 Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

CVE-2026-6305: Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF…

Affected