CVE-2026-6317
Published 2026-04-15
High 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome | < 147.0.7727.101 | 147.0.7727.101 | |
| chrome | >= 147.0.7727.101 < 147.0.7727.101 | 147.0.7727.101 | |
| chrome_chrome | — | — |
VulDB
Google Chrome up to 147.0.7727.55 Cast use after free (ID 500091)
vuldb·2026-04-16·CVSS 8.8
CVE-2026-6317 [HIGH] Google Chrome up to 147.0.7727.55 Cast use after free (ID 500091)
A vulnerability labeled as critical has been found in Google Chrome. This affects an unknown function of the component Cast. Such manipulation leads to use after free.
This vulnerability is traded as CVE-2026-6317. The attack may be launched remotely. There is no exploit available.
The affected component should be upgraded.
GHSA
GHSA-m8qq-h68v-7p42: Use after free in Cast in Google Chrome prior to 147
ghsa_unreviewed·2026-04-15
CVE-2026-6317 [HIGH] CWE-416 GHSA-m8qq-h68v-7p42: Use after free in Cast in Google Chrome prior to 147
Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-6317
vendor_chrome·2026-04-22·CVSS 8.8
CVE-2026-6317 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-6317
Stable Channel Update for ChromeOS / ChromeOS Flex
CVE-2026-6317
Red Hat
chromium-browser: Use after free in Cast
vendor_redhat·2026-04-15·CVSS 8.8
CVE-2026-6317 [HIGH] CWE-825 chromium-browser: Use after free in Cast
A use-after-free flaw was found in the Cast component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=500091052
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Chrome
Stable Channel Update for Desktop: CVE-2026-6361
vendor_chrome·2026-04-15·CVSS 8.8
CVE-2026-6361 [HIGH] Stable Channel Update for Desktop: CVE-2026-6361
Stable Channel Update for Desktop
CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google on 2026-04-06
[TBD][500066234] High CVE-2026-6362: Use after free in Codecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-07
[N/A][500091052] High CVE-2026-6317: Use after free in Cast
Severity: high
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-
bugzilla·2026-04-17·CVSS 8.8
CVE-2026-6299 [HIGH] CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-
CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-2026-6363 ... chromium: various flaws [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-
bugzilla·2026-04-17·CVSS 8.8
CVE-2026-6299 [HIGH] CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-
CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-2026-6363 ... chromium: various flaws [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-6317 Google Chrome: Chromium: Google Chrome and Chromium: Arbitrary code execution via a crafted HTML page
bugzilla·2026-04-15·CVSS 8.8
CVE-2026-6317 [HIGH] CVE-2026-6317 Google Chrome: Chromium: Google Chrome and Chromium: Arbitrary code execution via a crafted HTML page
Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
2026-04-15
Published