CVE-2026-6307: Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML…

CVE-2026-6307 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-6307 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2026-6307

CVE-2026-6307 [HIGH] CWE-843 chromium-browser: Type Confusion in Turbofan chromium-browser: Type Confusion in Turbofan A type confusion flaw was found in the Turbofan component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=497404188 Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.

CVE-2026-6306 [HIGH] Stable Channel Update for Desktop: CVE-2026-6306 Stable Channel Update for Desktop CVE-2026-6306: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-27 [TBD][ 497404188 ] High CVE-2026-6307: Type Confusion in Turbofan Reported by Project WhatForLunch (@pjwhatforlunch) on 2026-03-29 [N/A][ 497412658 ] High CVE-2026-6308: Out of bounds read in Media Severity: high

CVE-2026-6307 [HIGH] Google Chrome up to 147.0.7727.55 Turbofan type confusion (ID 497404) A vulnerability, which was classified as critical, has been found in Google Chrome. Affected is an unknown function of the component Turbofan. The manipulation leads to type confusion. This vulnerability is referenced as CVE-2026-6307. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

CVE-2026-6307 [HIGH] CWE-843 GHSA-3m3g-56cx-59q7: Type Confusion in Turbofan in Google Chrome prior to 147 Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2026-6296 [CRITICAL] CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE- CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [epel-all] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

CVE-2026-6296 [CRITICAL] CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE- CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [fedora-all] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

CVE-2026-6307 [HIGH] CVE-2026-6307 chromium-browser: Type Confusion in Turbofan CVE-2026-6307 chromium-browser: Type Confusion in Turbofan Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)