CVE-2026-6308 — Out-of-bounds Read in Google Chrome

CWE-125 — Out-of-bounds Read7 documents7 sources

Severity

7.5HIGHCNA

No vector

EPSS

0.1%

top 76.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedApr 15

Latest updateApr 16

Description

Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Affected Packages1 packages

▶CVEListV5google/chrome147.0.7727.101 — 147.0.7727.101

🔴Vulnerability Details

VulDB

Google Chrome up to 147.0.7727.55 Media out-of-bounds (ID 497412)↗2026-04-16

▶

CVEList

CVE-2026-6308: Out of bounds read in Media in Google Chrome prior to 147↗2026-04-15

▶

GHSA

GHSA-q6m3-mcr7-qwwq: Out of bounds read in Media in Google Chrome prior to 147↗2026-04-15

▶

📋Vendor Advisories

Red Hat

chromium-browser: Out of bounds read in Media↗2026-04-15

▶

Chrome

Stable Channel Update for Desktop: CVE-2026-6306↗2026-04-15

▶

💬Community

Bugzilla

CVE-2026-6308 Google Chrome: Chromium: Google Chrome: Arbitrary code execution via out-of-bounds read in Media component↗2026-04-15

▶