CVE-2026-6364 — Out-of-bounds Read in Google Chrome

CWE-125 — Out-of-bounds Read6 documents6 sources

Severity

4.3MEDIUM

No vector

EPSS

0.0%

top 92.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Google Chrome Chrome

Timeline

PublishedApr 15

Latest updateApr 16

Description

Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)

Affected Packages2 packages

▶CVEListV5google/chrome147.0.7727.101 — 147.0.7727.101

▶googlegoogle/chrome_chrome

🔴Vulnerability Details

VulDB

Google Chrome up to 147.0.7727.55 Skia out-of-bounds (ID 502103)↗2026-04-16

▶

GHSA

GHSA-xm65-r32w-c46p: Out of bounds read in Skia in Google Chrome prior to 147↗2026-04-15

▶

📋Vendor Advisories

Red Hat

chromium-browser: Out of bounds read in Skia↗2026-04-15

▶

Chrome

Stable Channel Update for Desktop: CVE-2026-6364↗2026-04-15

▶

💬Community

Bugzilla

CVE-2026-6364 Skia: Google Chrome: Chromium: Skia: Information disclosure via out-of-bounds read in Google Chrome↗2026-04-15

▶