CVE-2026-6311 — Use of Uninitialized Variable in Google Chrome
CWE-457 — Use of Uninitialized Variable
CWE-824 — Access of Uninitialized Pointer
7 documents, 7 sources
Severity
8.3 HIGH (NVD)
EPSS
0.0%
top 93.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 15
Latest update: Apr 16
Description
Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 6.0
Affected Packages (1 package)
🔴 Vulnerability Details (3)
VulDB
Google Chrome up to 147.0.7727.55 on Windows Accessibility uninitialized variable (ID 498201) (2026-04-16)
CVEList
CVE-2026-6311: Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147 (2026-04-15)
GHSA
GHSA-vhh6-f54w-x5gw: Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147 (2026-04-15)
📋 Vendor Advisories (2)
💬 Community (1)
Bugzilla
CVE-2026-6311 Google Chrome: Chromium: Google Chrome: Sandbox escape via uninitialized use in Accessibility (2026-04-15)