CVE-2026-6318
published 2026-04-15CVE-2026-6318: Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome | < 147.0.7727.101 | 147.0.7727.101 | |
| chrome | >= 147.0.7727.101 < 147.0.7727.101 | 147.0.7727.101 | |
| chrome_chrome | — | — |
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-6318
vendor_chrome·2026-04-22
CVE-2026-6318 Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-6318
Stable Channel Update for ChromeOS / ChromeOS Flex
CVE-2026-6318
Red Hat
chromium-browser: Use after free in Codecs
vendor_redhat·2026-04-15·CVSS 9.6
CVE-2026-6318 [MEDIUM] CWE-825 chromium-browser: Use after free in Codecs
chromium-browser: Use after free in Codecs
An use after free flaw was found in the Codecs component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=495996858
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Chrome
Stable Channel Update for Desktop: CVE-2026-6363
vendor_chrome·2026-04-15·CVSS 8.8
CVE-2026-6363 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-6363
Stable Channel Update for Desktop
CVE-2026-6363: Type Confusion in V8. Reported by Google on 2026-03-24 [TBD][ 495996858 ] Medium CVE-2026-6318: Use after free in Codecs
Reported by Syn4pse on 2026-03-25 [TBD][ 499018889 ] Medium CVE-2026-6319: Use after free in Payments
Severity: medium
VulDB
Google Chrome up to 147.0.7727.55 Codecs use after free (ID 495996)
vuldb·2026-04-16
CVE-2026-6318 [CRITICAL] Google Chrome up to 147.0.7727.55 Codecs use after free (ID 495996)
A vulnerability was found in Google Chrome. It has been declared as critical. This issue affects some unknown processing of the component Codecs. Executing a manipulation can lead to use after free.
This vulnerability is registered as CVE-2026-6318. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
VulDB
Google Chrome up to 147.0.7727.55 Codecs use after free (ID 495996)
vuldb·2026-04-16
CVE-2026-6318 [CRITICAL] Google Chrome up to 147.0.7727.55 Codecs use after free (ID 495996)
A vulnerability marked as critical has been reported in Google Chrome. This impacts an unknown function of the component Codecs. Performing a manipulation results in use after free.
This vulnerability is known as CVE-2026-6318. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to upgrade the affected component.
GHSA
GHSA-fmvf-422w-w34q: Use after free in Codecs in Google Chrome prior to 147
ghsa_unreviewed·2026-04-15
CVE-2026-6318 CWE-416 GHSA-fmvf-422w-w34q: Use after free in Codecs in Google Chrome prior to 147
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-6318 chromium-browser: Use after free in Codecs
bugzilla·2026-04-15
CVE-2026-6318 [MEDIUM] CVE-2026-6318 chromium-browser: Use after free in Codecs
CVE-2026-6318 chromium-browser: Use after free in Codecs
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Bugzilla
CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-
bugzilla·2026-04-15·CVSS 9.6
CVE-2026-6296 [CRITICAL] CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-
CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-
bugzilla·2026-04-15·CVSS 9.6
CVE-2026-6296 [CRITICAL] CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-
CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
2026-04-15
Published