CVE-2026-6361 — Heap-based Buffer Overflow in Google Chrome

CWE-122 — Heap-based Buffer Overflow CWE-120 — Classic Buffer Overflow6 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 96.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedApr 15

Latest updateApr 16

Description

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5google/chrome147.0.7727.101 — 147.0.7727.101

🔴Vulnerability Details

VulDB

Google Chrome up to 147.0.7727.55 on Windows PDFium heap-based overflow (ID 500036)↗2026-04-16

▶

CVEList

CVE-2026-6361: Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147↗2026-04-15

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2026-6361↗2026-04-15

▶

Red Hat

chromium-browser: Heap buffer overflow in PDFium↗2026-04-15

▶

💬Community

Bugzilla

CVE-2026-6361 PDFium: Google Chrome: Chromium: PDFium in Google Chrome: Arbitrary code execution via crafted PDF file↗2026-04-15

▶