CVE-2026-6361
Published 2026-04-15
Severity: high, CVSS 3.1 base score 8.3
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | < 147.0.7727.101 | 147.0.7727.101 |
| | chrome | >= 147.0.7727.101 < 147.0.7727.101 | 147.0.7727.101 |
| | chrome_chrome | — | — |
| paloalto | prisma_browser | — | — |
Palo Alto
PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026)
vendor_paloalto·2026-05-13·CVSS 8.8
CVE-2026-4439 [HIGH] PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026)
Palo Alto Networks incorporated the following Chromium security fixes into our products:
https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html
https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html
https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html
https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html
CVE Summary
CVE-2026-4439 Out of bounds memory access in WebGL
CVE-2026-4440 Out of bounds read and write in WebGL
CVE-2026-4441 Use after free in Base
CVE-2026-4442 Heap buffer overflow in
Chrome
Stable Channel Update for Desktop: CVE-2026-6361
vendor_chrome·2026-04-15·CVSS 8.8
CVE-2026-6361 [HIGH] Stable Channel Update for Desktop: CVE-2026-6361
Stable Channel Update for Desktop
CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google on 2026-04-06
[TBD][500066234] High CVE-2026-6362: Use after free in Codecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-07
[N/A][500091052] High CVE-2026-6317: Use after free in Cast
Severity: high
Red Hat
chromium-browser: Heap buffer overflow in PDFium
vendor_redhat·2026-04-15·CVSS 7.2
CVE-2026-6361 [HIGH] CWE-120 chromium-browser: Heap buffer overflow in PDFium
A heap buffer overflow flaw was found in the PDFium component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=500036290
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
VulDB
Google Chrome up to 147.0.7727.55 on Windows PDFium heap-based overflow (ID 500036)
vuldb·2026-04-16·CVSS 7.2
CVE-2026-6361 [HIGH] Google Chrome up to 147.0.7727.55 on Windows PDFium heap-based overflow (ID 500036)
A vulnerability classified as critical was found in Google Chrome on Windows. Affected by this issue is some unknown functionality of the component PDFium. The manipulation results in heap-based buffer overflow.
This vulnerability was named CVE-2026-6361. The attack may be performed from remote. There is no available exploit.
Upgrading the affected component is advised.
GHSA
GHSA-q3hg-2w34-64m3: Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147
ghsa_unreviewed·2026-04-15
CVE-2026-6361 [HIGH] CWE-122 GHSA-q3hg-2w34-64m3: Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147
Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-
bugzilla·2026-04-17·CVSS 8.8
CVE-2026-6299 [HIGH] CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-
CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-2026-6363 ... chromium: various flaws [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-
bugzilla·2026-04-17·CVSS 8.8
CVE-2026-6299 [HIGH] CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-
CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-2026-6363 ... chromium: various flaws [epel-all]
Bugzilla
CVE-2026-6361 PDFium: Google Chrome: Chromium: PDFium in Google Chrome: Arbitrary code execution via crafted PDF file
bugzilla·2026-04-15·CVSS 7.2
CVE-2026-6361 [HIGH] CVE-2026-6361 PDFium: Google Chrome: Chromium: PDFium in Google Chrome: Arbitrary code execution via crafted PDF file
Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)